rpm package
suse/rubygem-actionpack-5_1&distro=SUSE Linux Enterprise High Availability Extension 15 SP5
pkg:rpm/suse/rubygem-actionpack-5_1&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-28362 | Med | 4.0 | | < 5.1.4-150000.3.18.1 | 5.1.4-150000.3.18.1 | Jan 9, 2025 | The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. |
| CVE-2024-47887 | Med | — | | < 5.1.4-150000.3.32.1 | 5.1.4-150000.3.32.1 | Oct 16, 2024 | Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP To |
| CVE-2024-42228 | | — | | < 5.1.4-150000.3.32.1 | 5.1.4-150000.3.32.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001. V2: To really improve the handling we would actually |
| CVE-2020-8166 | Med | 4.3 | | < 5.1.4-150000.3.29.1 | 5.1.4-150000.3.29.1 | Jul 2, 2020 | A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token. |