from 0, < 5.0.1
| Severity | Score | CVE | Description | Affected versions |
|---|---|---|---|---|
| HIGH | 7.5 | CVE-2024-26142 | Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch | >= 7.1.0, < 7.1.4 |
| MEDIUM | 6.1 | CVE-2024-32464 | ActionText ContentAttachment can Contain Unsanitized HTML | >= 7.1.0, < 7.1.4 |
| MEDIUM | 6.1 | CVE-2024-26143 | Rails Possible XSS Vulnerability in Action Controller | >= 7.0.0, < 7.0.9, >= 7.1.0, < 7.1.4 |
| MEDIUM | 6.1 | CVE-2021-44528 | actionpack Open Redirect in Host Authorization Middleware | >= 7.0.0-rc2, <= 7.0.0-rc2 |
| MEDIUM | 5.4 | CVE-2024-28103 | Action Pack is missing security headers on non-HTML responses | >= 6.1.0, < 6.1.8, >= 7.0.0, < 7.0.9, >= 7.1.0, < 7.1.4 |
| MEDIUM | 5.4 | CVE-2022-3704 | A vulnerability classified as problematic has been found in Ruby on Rails. | |
| MEDIUM | 5.3 | CVE-2024-26144 | Possible Sensitive Session Information Leak in Active Storage | >= 5.2.0, < 6.1.8, >= 7.0.0, < 7.0.9 |
| — | — | CVE-2024-54133 | Possible Content Security Policy bypass in Action Dispatch | >= 5.2.0, < 7.0.9, >= 7.1.0, < 7.1.4, >= 7.2.0, < 7.2.2-2-0, >= 8.0.0, < 8.0.1 |
| — | — | CVE-2024-47889 | Action Mailer has possible ReDoS vulnerability in block_format | >= 3.0.0, < 6.1.8, >= 7.0.0, < 7.0.9, >= 7.1.0, < 7.1.4, >= 7.2.0, < 7.2.2 |
| — | — | CVE-2024-47888 | Action Text has possible ReDoS vulnerability in plain_text_for_blockquote_node | >= 6.0.0, < 6.1.8, >= 7.0.0, < 7.0.9, >= 7.1.0, < 7.1.4, >= 7.2.0, < 7.2.2 |
| — | — | CVE-2024-47887 | Action Controller has possible ReDoS vulnerability in HTTP Token authentication | >= 4.0.0, < 6.1.8, >= 7.0.0, < 7.0.9, >= 7.1.0, < 7.1.5, >= 7.2.0, < 7.2.2 |
| — | — | CVE-2024-41128 | Action Dispatch has possible ReDoS vulnerability in query parameter filtering | >= 3.1.0, < 6.1.8, >= 7.0.0, < 7.0.9, >= 7.1.0, < 7.1.4, >= 7.2.0, < 7.2.2 |