rpm package: opensuse/rubygem-actionpack-5_1 (distro: openSUSE Leap 15.5)
pkg:rpm/opensuse/rubygem-actionpack-5_1&distro=openSUSE%20Leap%2015.5
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-28362 | Med | 4.0 | | < 5.1.4-150000.3.18.1 | 5.1.4-150000.3.18.1 | Jan 9, 2025 | The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. |
| CVE-2020-8166 | Med | 4.3 | | < 5.1.4-150000.3.29.1 | 5.1.4-150000.3.29.1 | Jul 2, 2020 | A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token. |