VYPR

rpm package

suse/rubygem-actionpack-5_1&distro=SUSE Linux Enterprise High Availability Extension 15

pkg:rpm/suse/rubygem-actionpack-5_1&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015

Vulnerabilities (4)

  • CVE-2022-23633Feb 11, 2022
    affected < 5.1.4-150000.3.12.1fixed 5.1.4-150000.3.12.1

    Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next reques

  • CVE-2021-22904Jun 11, 2021
    affected < 5.1.4-150000.3.12.1fixed 5.1.4-150000.3.12.1

    The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token`

  • CVE-2021-22885May 27, 2021
    affected < 5.1.4-3.9.1fixed 5.1.4-3.9.1

    A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.

  • CVE-2020-8164Jun 19, 2020
    affected < 5.1.4-3.6.1fixed 5.1.4-3.6.1

    A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.