>= 3.0.0, < 3.2.18
HIGH 7.5 CVE-2016-0752 ⚠ KEV Directory traversal vulnerability in Action View in Ruby on Rails
>= 4.0.0, < 4.1.14.1
HIGH 7.5 Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch
>= 7.1.0, < 7.1.3.1
HIGH 7.5 ReDoS based DoS vulnerability in Action Dispatch
>= 3.0.0, < 5.2.8.15
HIGH 7.5 ReDoS based DoS vulnerability in Action Dispatch
>= 4.0.0.beta1, < 6.1.7.1
HIGH 7.5 Possible DoS Vulnerability in Action Controller Token Authentication
>= 6.0.0, < 6.0.3.7
HIGH 7.5 rails - security update
>= 6.0.0, < 6.0.3.7
HIGH 7.5 Denial of Service in Action Dispatch
>= 6.0.0, < 6.0.3.7
HIGH 7.5 rails - security update
>= 5.0.0, < 5.2.4.3
HIGH 7.5 actionpack is vulnerable to denial of service because of a wildcard controller route
>= 4.0.0, < 4.2.5.1
HIGH 7.5 actionpack is vulnerable to denial of service via a crafted HTTP Accept header
>= 4.2.0, < 4.2.5.1
HIGH 7.4 Exposure of information in Action Pack
>= 5.0.0.0, < 5.2.6.2
HIGH 7.3 actionpack allows remote code execution via application's unrestricted use of render method
>= 3.0.0, < 3.2.22.2
MEDIUM 6.5 Untrusted users can run pending migrations in production in Rails
>= 6.0.0, < 6.0.3.2
MEDIUM 6.1 Rails Possible XSS Vulnerability in Action Controller
>= 7.0.0, < 7.0.8.1
MEDIUM 6.1 Open Redirect Vulnerability in Action Pack
>= 7.0.0, < 7.0.4.1
MEDIUM 6.1 Cross-site Scripting Vulnerability in Action Pack
>= 5.2.0, < 5.2.7.1
MEDIUM 6.1 Cross site scripting in actionpack Rubygem
>= 3.0.0.rc, < 3.0.6
MEDIUM 6.1 actionpack Open Redirect in Host Authorization Middleware
>= 6.0.0, < 6.0.4.2
MEDIUM 6.1 rails - security update
>= 6.0.0, < 6.0.4.1
MEDIUM 6.1 Possible Open Redirect Vulnerability in Action Pack
>= 6.1.0.rc2, < 6.1.3.2
MEDIUM 6.1 Cross-site scripting in actionpack
>= 6.0.0, < 6.0.3.4
MEDIUM 6.1 Actionpack Open Redirect Vulnerability
>= 6.0.0, < 6.0.3.5
MEDIUM 5.4 Action Pack is missing security headers on non-HTML responses
>= 6.1.0, < 6.1.7.8
MEDIUM 5.3 rails - security update
>= 3.0.0, < 3.2.22.2
MEDIUM 4.3 Ability to forge per-form CSRF tokens in Rails
>= 5.0.0, < 5.2.4.3
MEDIUM 4.0 rails - security update
from 0, < 6.1.7.4
LOW 3.7 ruby-actionpack-3.2 - security update
>= 3.1.0, < 3.2.22.1
— Rails has a possible XSS vulnerability in its Action Pack debug exceptions
>= 8.1.0, < 8.1.2.1
— Possible Content Security Policy bypass in Action Dispatch
>= 5.2.0, < 7.0.8.7
— Action Controller has possible ReDoS vulnerability in HTTP Token authentication
>= 4.0.0, < 6.1.7.9
— Action Dispatch has possible ReDoS vulnerability in query parameter filtering
>= 3.1.0, < 6.1.7.9
— actionpack Improper Input Validation vulnerability
>= 3.0.0, < 3.0.10
— actionpack allows remote attackers to bypass intended access restrictions
>= 3.0.0, < 3.0.4
— rails - several vulnerabilities
from 0, < 2.3.11
— actionpack Improper Input Validation vulnerability
>= 2.3.0, < 2.3.13
— Improper Input Validation in actionpack
>= 2.1.0, < 2.1.3
— rails - cross-site scripting
>= 2.0.0, < 2.2.3
— rails - several
>= 2.1.0, < 2.2.3
— Action Pack contains database-query restrictions bypass
>= 3.0.0.beta, < 3.0.13
— rails - cross site scripting
>= 3.0.0, < 3.0.12
— actionpack Cross-Site Request Forgery vulnerability
>= 2.1.0, < 2.3.11
— actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
>= 3.0.13, < 3.0.14
— actionpack Improper Authentication vulnerability
>= 3.0.0.beta, < 3.0.16
— rails Cross-site Scripting vulnerability
>= 2.0.0, < 2.3.12
— actionpack Cross-site Scripting vulnerability
>= 2.0.0, < 2.3.13
— actionpack CRLF injection vulnerability
>= 2.3.0, < 2.3.13
— Cross-site Scripting vulnerability in i18n translations helper method
>= 3.0.0, < 3.0.11
— actionpack Cross-site Scripting vulnerability
from 0, < 2.3.18
— actionpack vulnerable to Cross-site Scripting
>= 3.0.0, < 3.2.16
— actionpack Cross-site Scripting vulnerability
>= 3.0.0.beta, < 3.0.17
— rails - insufficient input validation
from 0, < 2.3.15
— actionpack Improper Input Validation vulnerability
>= 3.0.0, < 3.2.16
— actionpack Cross-site Scripting vulnerability
>= 3.0, < 3.0.17
— actionpack Cross-site Scripting vulnerability
from 0, < 2.3.18
— actionpack Cross-site Scripting vulnerability
>= 4.0.0, < 4.0.2
— actionpack allows bypass of database-query restrictions
>= 3.0.0, < 3.2.16
— actionpack vulnerable to Cross-site Scripting
>= 3.0.0, < 3.2.16
— Directory traversal vulnerability in actionpack
>= 4.1.0, < 4.1.8
— ruby-actionpack-3.2 - security update
>= 3.0.0, < 3.2.17
— actionpack vulnerable to Path Traversal
>= 3.0.0, < 3.2.20
— actionpack Improper Input Validation vulnerability
>= 3.0.0, < 3.2.17