292 matches found
Access to Archived Argo Workflows with Fake Token in `client` mode
Summary When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name When using --auth-mode=sso, all Archived Workflows can be retrieved with a valid token via the GET Workflow endpoint:...
OESA-2024-2411 rubygem-actionpack security update
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: Action Pack is a framework for handling and responding to web requests...
Exploit for Improper Authentication in Swoopnow 1-Click_Login\:_Passwordless_Authentication
CVE-2024-50478 1-Click Login: Passwordless Authentication 1.4...
SUSE SLES15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2024:3877-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3877-1 advisory. - CVE-2024-47887: Fixed Possible ReDoS vulnerability in HTTP Token authentication in Action Controller bsc1231729. - CVE-2024-42228: Fixed...
Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: CVE-2024-47887: Fixed Possible ReDoS vulnerability in HTTP Token authentication in Action Controller bsc1231729. CVE-2024-42228: Fixed uninitialized value size when calling amdgpuvcecsreloc bsc1228667. Patch Instructions: To instal...
SUSE-SU-2024:3877-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2024-47887: Fixed Possible ReDoS vulnerability in HTTP Token authentication in Action Controller bsc1231729. - CVE-2024-42228: Fixed uninitialized value size when calling amdgpuvcecsreloc bsc1228667...
ROS-20241029-02
A vulnerability in the Action Dispatch component of the Ruby interpreter with the Action Pack extension is related to bugs in the procedures for filtering Action Dispatch request parameters. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A...
Regular Expression Denial Of Service (ReDoS)
Action Pack is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to inefficient regular expression handling in Action Controller's HTTP Token authentication, which can be triggered by a carefully crafted header, causing significant delays in header parsing...
SUSE CVE-2024-47887
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...
CVE-2024-47887
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...
DEBIAN-CVE-2024-47887
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...
UBUNTU-CVE-2024-47887
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...
CVE-2024-47887 Action Controller has possible ReDoS vulnerability in HTTP Token authentication
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...
CVE-2024-47887 Action Controller has possible ReDoS vulnerability in HTTP Token authentication
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...
CVE-2024-47887 Action Controller has possible ReDoS vulnerability in HTTP Token authentication
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...
CVE-2024-47887
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...
CVE-2024-47887
A flaw was found in rubygem actionpack. For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service...
GHSA-VFG9-R3FQ-JVX4 Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact ------ For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS when using HTTP Token authentication via the method authenticateorrequestwithhttptoken or a similar method. By sending specially crafted headers, an attacker can cause the application to consum...
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact ------ For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted...