4 matches found
CVE-2024-26144
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...
CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...
Security Bulletin: IBM UrbanCode Build is affected by CVE-2022-45143
Summary IBM UrbanCode Build is affected by CVE-2022-45143 Vulnerability Details CVEID:CVE-2022-45143 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by not escape the type, message or description values in the JsonErrorReportValve function. By...
Security Bulletin: IBM UrbanCode Build is affected by CVE-2022-34305
Summary IBM UrbanCode Build is affected by CVE-2022-34305 Vulnerability Details CVEID:CVE-2022-34305 DESCRIPTION: Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using the...