2 matches found
CVE-2022-22577
CVE-2022-22577 describes an XSS vulnerability in Rails’ Action Pack with the claim of bypassing CSP for non-HTML responses. The Initial and connected documents consistently reference this issue in Action Pack (Rails component) and cite multiple advisories (e.g., Debian DSA-5372, Rocky/RLSA adviso...
CVE-2022-27777
CVE-2022-27777 : Rails contains an XSS vulnerability in Action View tag helpers that could allow an attacker to inject content when they can control input in specific attributes. The issue is confirmed across multiple sources (Rails ecosystem advisories and debian/security notes) and is tied to t...