SUSE-SU-2021:1650-1 Security update for rubygem-actionpack-4_2
This update for rubygem-actionpack-4_2 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack (bsc#1185715)...
CVE-2021-22885
A flaw was found in rubygem-actionpack. Information disclosure or unintended method execution is possible when using the redirect_to or polymorphic_url helper with untrusted user input. The highest threat from this vulnerability is to data confidentiality...
CVE-2021-22903
A flaw was found in rubygem-actionpack. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. The highest threat from this vulnerability is to data integrity...
SUSE-SU-2021:1162-1 Security update for rubygem-actionpack-4_2
This update for rubygem-actionpack-4_2 fixes the following issues: - CVE-2019-16782: Possible Information Leak / Session Hijack Vulnerability in Rack (bsc#1159548)...
Fedora 33 : 1:rubygem-actionpack / 1:rubygem-activerecord (2021-b571fca1b8)
The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-b571fca1b8 advisory. - The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability...
Fedora: Security Advisory for rubygem-actionpack (FEDORA-2021-b571fca1b8)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-8264
A flaw was found in rubygem-actionpack. A XSS vulnerability in Action Pack's Actionable Exceptions middleware while the application server is in development mode is possible. The highest threat from this vulnerability is to data confidentiality and integrity...
Fedora: Security Advisory for rubygem-actionpack (FEDORA-2020-4dd34860a3)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2020-1533)
This update for rubygem-actionpack-5_1 fixes the following issues : - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177) This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security...
openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2020-1536)
This update for rubygem-actionpack-5_1 fixes the following issues : - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177) This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security...
OPENSUSE-SU-2020:1575-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177) This update was imported from the SUSE:SLE-15:Update update project. This update was imported fr...
Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-5_1 Announcement ID: openSUSE-SU-2020:1575-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description:...
openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2020:1536-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:1536-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177) This update was imported from the SUSE:SLE-15:Update update project...
Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-5_1 Announcement ID: openSUSE-SU-2020:1536-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This updat...
OPENSUSE-SU-2020:1533-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177) This update was imported from the SUSE:SLE-15:Update update project...
Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-5_1 Announcement ID: openSUSE-SU-2020:1533-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This updat...
SUSE-SU-2020:2710-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177)...
CVE-2020-8166
A flaw was found in rubygem-actionpack. Forgery of a per-form CSRF token is possible allowing for any action to take place for that session. The highest threat from this vulnerability is to data integrity...
CVE-2020-8164
A flaw was found in rubygem-actionpack. Untrusted hashes of data is possible for values of each, each_value, and each_pair which can lead to cases of user supplied information being leaked from Strong Parameters. Applications that use these hashes may inadvertently use untrusted user input. The...