CVE-2020-10716
CVE-2020-10716 describes a UI access-control flaw in Red Hat Satellite’s Job Invocation: the "User Input" entry is not properly restricted to the view, allowing a user with access to Job Invocation to scan the invocation and search for passwords or other sensitive data. Affected: tfm-rubygem-fore...
openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2021:0797-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:0797-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack (bsc#1185715). This update was imported from the SUSE:SLE-15:Update update project...
SUSE-SU-2021:1759-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack (bsc#1185715)...
CVE-2021-29509
A flaw was found in rubygem-puma. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections...
Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-5_1 Announcement ID: openSUSE-SU-2021:0797-1 Rating: important References: 1185715 Cross-References: CVE-2021-22885 CVSS scores: CVE-2021-22885 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Leap...
SUSE-SU-2021:1650-1 Security update for rubygem-actionpack-4_2
This update for rubygem-actionpack-4_2 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack (bsc#1185715)...
CVE-2021-22902
A flaw was found in RubyGem Actionpack, which is a framework for handling and responding to web requests in Rails. A possible Denial of Service vulnerability was found in the Mime type parser of Action Dispatch...
CVE-2021-22904
A flaw was found in RubyGem Actionpack, which is a framework for handling and responding to web requests in Rails. A possible DoS vulnerability was found in the Token Authentication logic in Action Controller...
OESA-2021-1180 rubygem-actionview security update
Simple, battle-tested conventions and helpers for building web pages. Security Fixes: In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default not found val...
CVE-2021-22885
A flaw was found in rubygem-actionpack. Information disclosure or unintended method execution is possible when using the redirect_to or polymorphic_url helper with untrusted user input. The highest threat from this vulnerability is to data confidentiality...
CVE-2021-22903
A flaw was found in rubygem-actionpack. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. The highest threat from this vulnerability is to data integrity...
Fedora: Security Advisory for rubygem-railties (FEDORA-2021-7b8b65bc7a)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rubygem-yard (FEDORA-2021-7b8b65bc7a)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rubygem-pry (FEDORA-2021-7b8b65bc7a)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 34 Update: rubygem-pry-0.13.1-5.fc34
Pry is a runtime developer console and IRB alternative with powerful introspection capabilities. Pry aims to be more than an IRB replacement. It is an attempt to bring REPL driven programming to the Ruby language...
rubygem-actionpack: ability to forge per-form CSRF tokens given a global CSRF token
A flaw was found in rubygem-actionpack. Forgery of a per-form CSRF token is possible allowing for any action to take place for that session. The highest threat from this vulnerability is to data integrity...
rubygem-rack: hijack sessions by using timing attacks targeting the session id
A flaw was found in rubygem-rack in versions prior to 1.6.12 and 2.0.8. An information leak may allow an attacker to find and hijack sessions using timing attacks targeting the session ID. The highest threat from the vulnerability is to data confidentiality...
openSUSE: Security Advisory for rubygem-nokogiri (openSUSE-SU-2021:0237-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2021:1162-1 Security update for rubygem-actionpack-4_2
This update for rubygem-actionpack-4_2 fixes the following issues: - CVE-2019-16782: Possible Information Leak / Session Hijack Vulnerability in Rack (bsc#1159548)...