rpm package
suse/rubygem-actionpack-5_1&distro=SUSE Linux Enterprise High Availability Extension 15
pkg:rpm/suse/rubygem-actionpack-5_1&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-23633 | — | < 5.1.4-150000.3.12.1 | 5.1.4-150000.3.12.1 | Feb 11, 2022 | Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next reques | ||
| CVE-2021-22904 | — | < 5.1.4-150000.3.12.1 | 5.1.4-150000.3.12.1 | Jun 11, 2021 | The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` | ||
| CVE-2021-22885 | — | < 5.1.4-3.9.1 | 5.1.4-3.9.1 | May 27, 2021 | A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input. | ||
| CVE-2020-8164 | — | < 5.1.4-3.6.1 | 5.1.4-3.6.1 | Jun 19, 2020 | A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters. |
- CVE-2022-23633Feb 11, 2022affected < 5.1.4-150000.3.12.1fixed 5.1.4-150000.3.12.1
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next reques
- CVE-2021-22904Jun 11, 2021affected < 5.1.4-150000.3.12.1fixed 5.1.4-150000.3.12.1
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token`
- CVE-2021-22885May 27, 2021affected < 5.1.4-3.9.1fixed 5.1.4-3.9.1
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
- CVE-2020-8164Jun 19, 2020affected < 5.1.4-3.6.1fixed 5.1.4-3.6.1
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.