rpm package
opensuse/rubygem-actionpack-7.0&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/rubygem-actionpack-7.0&distro=openSUSE%20Tumbleweed
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47887 | Med | — | < 7.0.8.6-1.1 | 7.0.8.6-1.1 | Oct 16, 2024 | Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP To | |
| CVE-2024-41128 | Med | — | < 7.0.8.6-1.1 | 7.0.8.6-1.1 | Oct 16, 2024 | Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted | |
| CVE-2024-28103 | — | < 7.0.8.4-1.1 | 7.0.8.4-1.1 | Jun 4, 2024 | Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3. | ||
| CVE-2024-26143 | — | < 7.0.8.4-1.1 | 7.0.8.4-1.1 | Feb 27, 2024 | Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "_html", a :default key which contains untrusted | ||
| CVE-2023-22797 | — | < 7.0.4.1-1.1 | 7.0.4.1-1.1 | Feb 9, 2023 | An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could a | ||
| CVE-2023-22795 | — | < 7.0.4.1-1.1 | 7.0.4.1-1.1 | Feb 9, 2023 | A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Rub | ||
| CVE-2023-22792 | — | < 7.0.4.1-1.1 | 7.0.4.1-1.1 | Feb 9, 2023 | A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This | ||
| CVE-2022-23633 | — | < 7.0.2.2-1.1 | 7.0.2.2-1.1 | Feb 11, 2022 | Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next reques |
- affected < 7.0.8.6-1.1fixed 7.0.8.6-1.1
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP To
- affected < 7.0.8.6-1.1fixed 7.0.8.6-1.1
Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted
- CVE-2024-28103Jun 4, 2024affected < 7.0.8.4-1.1fixed 7.0.8.4-1.1
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
- CVE-2024-26143Feb 27, 2024affected < 7.0.8.4-1.1fixed 7.0.8.4-1.1
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "_html", a :default key which contains untrusted
- CVE-2023-22797Feb 9, 2023affected < 7.0.4.1-1.1fixed 7.0.4.1-1.1
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could a
- CVE-2023-22795Feb 9, 2023affected < 7.0.4.1-1.1fixed 7.0.4.1-1.1
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Rub
- CVE-2023-22792Feb 9, 2023affected < 7.0.4.1-1.1fixed 7.0.4.1-1.1
A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This
- CVE-2022-23633Feb 11, 2022affected < 7.0.2.2-1.1fixed 7.0.2.2-1.1
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next reques