| purl | pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1bxs-yghe-cyck | URL Redirection to Untrusted Site ('Open Redirect'). A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 could allow attackers to redirect users to a malicious website. | CVE-2021-22942, GHSA-2rqw-v265-jf8c |
| VCID-1x8k-t8mr-3fgp | URL Redirection to Untrusted Site ('Open Redirect'). An open redirect vulnerability exists in Action Pack >= 6.0.0: an attacker-crafted "X-Forwarded-Host" header, in combination with certain "allowed host" formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. | CVE-2021-44528, GHSA-qphc-hf5q-v8fc |
| VCID-63gy-6njy-kbd8 | ReDoS based DoS vulnerability in Action Dispatch. There is a possible regular expression based DoS vulnerability in Action Dispatch. Specially crafted cookies, in combination with a specially crafted `X_FORWARDED_HOST` header, can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS. All users running an affected release should either upgrade or use one of the workarounds immediately. | CVE-2023-22792, GHSA-p84v-45xj-wwqj, GMS-2023-58 |
| VCID-6ku5-mtgz-zygw | Duplicate. This advisory duplicates another. | CVE-2023-22796, GHSA-j6gc-792m-qgm2, GMS-2023-61 |
| VCID-ce39-j83r-6ug9 | Duplicate. This advisory duplicates another. | CVE-2022-22577, GHSA-mm33-5vfq-3mm3, GMS-2022-1137 |
| VCID-drg6-gj1f-h7ea | Duplicate. This advisory duplicates another. | CVE-2022-21831, GHSA-w749-p3v6-hccq, GMS-2022-301 |
| VCID-hppf-a715-r7b2 | ReDoS based DoS vulnerability in Action Dispatch. There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking when running on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS. All users running an affected release should either upgrade or use one of the workarounds immediately. | CVE-2023-22795, GHSA-8xww-x3g3-6jcv, GMS-2023-56 |
| VCID-jwun-grgg-2uet | Exposure of information in Action Pack. Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem the middleware described in GHSA-wh98-p28r-vrc9 can be used. | CVE-2022-23633, CVE-2022-23634, GHSA-rmj8-8hhh-gv5h, GHSA-wh98-p28r-vrc9 |
| VCID-p5mc-r1rg-5ff7 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in actionview. | CVE-2022-27777, GHSA-ch3h-j2vf-95pv, GMS-2022-1138 |
| VCID-t9yh-ss8z-e3cb | Duplicate. This advisory duplicates another. | CVE-2023-22794, GHSA-hq7p-j377-6v63, GMS-2023-60 |