VYPR

rpm package

suse/rubygem-activesupport-5_1&distro=SUSE Linux Enterprise High Availability Extension 15

pkg:rpm/suse/rubygem-activesupport-5_1&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015

Vulnerabilities (4)

  • CVE-2022-27777May 26, 2022
    affected < 5.1.4-150000.3.9.1fixed 5.1.4-150000.3.9.1

    A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.

  • CVE-2022-23633Feb 11, 2022
    affected < 5.1.4-150000.3.6.1fixed 5.1.4-150000.3.6.1

    Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next reques

  • CVE-2021-22904Jun 11, 2021
    affected < 5.1.4-150000.3.6.1fixed 5.1.4-150000.3.6.1

    The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token`

  • CVE-2020-8165Jun 19, 2020
    affected < 5.1.4-3.3.1fixed 5.1.4-3.3.1

    A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.