Medium severity5.4NVD Advisory· Published Jun 4, 2024· Updated Jun 17, 2026
CVE-2024-28103
CVE-2024-28103
Description
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
actionpackRubyGems | >= 6.1.0, < 6.1.7.8 | 6.1.7.8 |
actionpackRubyGems | >= 7.0.0, < 7.0.8.4 | 7.0.8.4 |
actionpackRubyGems | >= 7.1.0, < 7.1.3.4 | 7.1.3.4 |
actionpackRubyGems | >= 7.2.0.beta1, < 7.2.0.beta2 | 7.2.0.beta2 |
Affected products
28- osv-coords27 versionspkg:bitnami/railspkg:gem/actionpackpkg:rpm/opensuse/rmt-server&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/rmt-server&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/rmt-server&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rubygem-actionpack-7.0&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rubygem-rails-7.0&distro=openSUSE%20Tumbleweedpkg:rpm/suse/rmt-server&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP2pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/rmt-server&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/rmt-server&distro=SUSE%20Manager%20Server%204.3
>= 6.1.0, < 6.1.8+ 26 more
- (no CPE)range: >= 6.1.0, < 6.1.8
- (no CPE)range: >= 6.1.0, < 6.1.7.8
- (no CPE)range: < 2.17-150500.3.16.1
- (no CPE)range: < 2.17-150500.3.16.1
- (no CPE)range: < 2.18-1.1
- (no CPE)range: < 7.0.8.4-1.1
- (no CPE)range: < 7.0.8.4-1.1
- (no CPE)range: < 2.17-150300.3.37.1
- (no CPE)range: < 2.17-150200.3.45.1
- (no CPE)range: < 2.17-150300.3.37.1
- (no CPE)range: < 2.17-150400.3.25.1
- (no CPE)range: < 2.17-150400.3.25.1
- (no CPE)range: < 2.17-150200.3.45.1
- (no CPE)range: < 2.17-150300.3.37.1
- (no CPE)range: < 2.17-150400.3.25.1
- (no CPE)range: < 2.17-150500.3.16.1
- (no CPE)range: < 2.17-150500.3.16.1
- (no CPE)range: < 2.17-150500.3.16.1
- (no CPE)range: < 2.17-150500.3.16.1
- (no CPE)range: < 2.17-150200.3.45.1
- (no CPE)range: < 2.17-150300.3.37.1
- (no CPE)range: < 2.17-150400.3.25.1
- (no CPE)range: < 2.17-150200.3.45.1
- (no CPE)range: < 2.17-150300.3.37.1
- (no CPE)range: < 2.17-150400.3.25.1
- (no CPE)range: < 2.17-150400.3.25.1
- (no CPE)range: < 2.17-150400.3.25.1
- Range: >= 6.1.0.0, < 6.1.7.8
Patches
Vulnerability mechanics
References
7- github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523nvdPatchWEB
- github.com/advisories/GHSA-fwhr-88qx-h9g7ghsaADVISORY
- github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-28103ghsaADVISORY
- github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.ymlghsaWEB
- security.netapp.com/advisory/ntap-20241206-0002ghsaWEB
- security.netapp.com/advisory/ntap-20241206-0002/nvd
News mentions
0No linked articles in our index yet.