Lucene search
K

292 matches found

Github Security Blog
Github Security Blog
added 2024/12/02 10:17 p.m.36 views

Access to Archived Argo Workflows with Fake Token in `client` mode

Summary When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name When using --auth-mode=sso, all Archived Workflows can be retrieved with a valid token via the GET Workflow endpoint:...

7.5CVSS7AI score0.00656EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/11/15 12:20 p.m.6 views

OESA-2024-2411 rubygem-actionpack security update

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: Action Pack is a framework for handling and responding to web requests...

8.7CVSS7AI score0.01103EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2024/11/05 10:4 p.m.85 views

Exploit for Improper Authentication in Swoopnow 1-Click_Login\:_Passwordless_Authentication

CVE-2024-50478 1-Click Login: Passwordless Authentication 1.4...

9.8CVSS9.7AI score0.01092EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/11/02 12:0 a.m.14 views

SUSE SLES15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2024:3877-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3877-1 advisory. - CVE-2024-47887: Fixed Possible ReDoS vulnerability in HTTP Token authentication in Action Controller bsc1231729. - CVE-2024-42228: Fixed...

8.7CVSS6.9AI score0.01048EPSS
Exploits0References7
SUSE Linux
SUSE Linux
added 2024/11/01 3:31 p.m.9 views

Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: CVE-2024-47887: Fixed Possible ReDoS vulnerability in HTTP Token authentication in Action Controller bsc1231729. CVE-2024-42228: Fixed uninitialized value size when calling amdgpuvcecsreloc bsc1228667. Patch Instructions: To instal...

5.9CVSS7.7AI score0.01048EPSS
Exploits0References8
OSV
OSV
added 2024/11/01 3:31 p.m.15 views

SUSE-SU-2024:3877-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2024-47887: Fixed Possible ReDoS vulnerability in HTTP Token authentication in Action Controller bsc1231729. - CVE-2024-42228: Fixed uninitialized value size when calling amdgpuvcecsreloc bsc1228667...

8.7CVSS6.5AI score0.01048EPSS
Exploits0References5
Redos
Redos
added 2024/10/29 12:0 a.m.26 views

ROS-20241029-02

A vulnerability in the Action Dispatch component of the Ruby interpreter with the Action Pack extension is related to bugs in the procedures for filtering Action Dispatch request parameters. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A...

8.7CVSS7.3AI score0.01103EPSS
Exploits0
Veracode
Veracode
added 2024/10/24 8:25 a.m.9 views

Regular Expression Denial Of Service (ReDoS)

Action Pack is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to inefficient regular expression handling in Action Controller's HTTP Token authentication, which can be triggered by a carefully crafted header, causing significant delays in header parsing...

8.7CVSS6.5AI score0.01048EPSS
Exploits0References7Affected Software2
SUSE CVE
SUSE CVE
added 2024/10/17 2:48 a.m.5 views

SUSE CVE-2024-47887

Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...

5.9CVSS8.8AI score0.01048EPSS
Exploits0References6
NVD
NVD
added 2024/10/16 8:15 p.m.27 views

CVE-2024-47887

Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...

8.7CVSS0.01048EPSS
Exploits0References5
OSV
OSV
added 2024/10/16 8:15 p.m.2 views

DEBIAN-CVE-2024-47887

Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...

8.7CVSS5.4AI score0.01048EPSS
Exploits0References1
OSV
OSV
added 2024/10/16 8:15 p.m.2 views

UBUNTU-CVE-2024-47887

Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...

8.7CVSS6.4AI score0.01048EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/10/16 8:2 p.m.27 views

CVE-2024-47887 Action Controller has possible ReDoS vulnerability in HTTP Token authentication

Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...

8.7CVSS0.01048EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/10/16 8:2 p.m.15 views

CVE-2024-47887 Action Controller has possible ReDoS vulnerability in HTTP Token authentication

Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...

8.7CVSS7.1AI score0.01048EPSS
Exploits0References5
OSV
OSV
added 2024/10/16 8:2 p.m.23 views

CVE-2024-47887 Action Controller has possible ReDoS vulnerability in HTTP Token authentication

Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...

8.7CVSS5.6AI score0.01048EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2024/10/16 8:2 p.m.14 views

CVE-2024-47887

Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...

8.7CVSS5.4AI score0.01048EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2024/10/16 4:25 a.m.18 views

CVE-2024-47887

A flaw was found in rubygem actionpack. For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service...

3.7CVSS7.1AI score0.01048EPSS
Exploits0References5
OSV
OSV
added 2024/10/15 11:35 p.m.22 views

GHSA-VFG9-R3FQ-JVX4 Possible ReDoS vulnerability in HTTP Token authentication in Action Controller

There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact ------ For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted...

8.7CVSS5.5AI score0.01048EPSS
Exploits0References3
Snyk
Snyk
added 2024/10/15 11:35 p.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS when using HTTP Token authentication via the method authenticateorrequestwithhttptoken or a similar method. By sending specially crafted headers, an attacker can cause the application to consum...

8.7CVSS6.9AI score0.01048EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/10/15 11:35 p.m.17 views

Possible ReDoS vulnerability in HTTP Token authentication in Action Controller

There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact ------ For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted...

8.7CVSS7.5AI score0.01048EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder