rpm package
suse/rubygem-activesupport-5_1&distro=SUSE Linux Enterprise High Availability Extension 15 SP1
pkg:rpm/suse/rubygem-activesupport-5_1&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-22796 | — | < 5.1.4-150000.3.12.1 | 5.1.4-150000.3.12.1 | Feb 9, 2023 | A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts | ||
| CVE-2022-27777 | — | < 5.1.4-150000.3.9.1 | 5.1.4-150000.3.9.1 | May 26, 2022 | A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | ||
| CVE-2022-23633 | — | < 5.1.4-150000.3.6.1 | 5.1.4-150000.3.6.1 | Feb 11, 2022 | Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next reques | ||
| CVE-2021-22904 | — | < 5.1.4-150000.3.6.1 | 5.1.4-150000.3.6.1 | Jun 11, 2021 | The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` | ||
| CVE-2020-8165 | — | < 5.1.4-3.3.1 | 5.1.4-3.3.1 | Jun 19, 2020 | A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. |
- CVE-2023-22796Feb 9, 2023affected < 5.1.4-150000.3.12.1fixed 5.1.4-150000.3.12.1
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts
- CVE-2022-27777May 26, 2022affected < 5.1.4-150000.3.9.1fixed 5.1.4-150000.3.9.1
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
- CVE-2022-23633Feb 11, 2022affected < 5.1.4-150000.3.6.1fixed 5.1.4-150000.3.6.1
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next reques
- CVE-2021-22904Jun 11, 2021affected < 5.1.4-150000.3.6.1fixed 5.1.4-150000.3.6.1
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token`
- CVE-2020-8165Jun 19, 2020affected < 5.1.4-3.3.1fixed 5.1.4-3.3.1
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.