
Actionpack Project Actionpack vulnerabilities

63 known vulnerabilities affecting actionpack_project/actionpack.

Total CVEs: 63
CISA KEV: 2 (actively exploited)
Public exploits: 8
Exploited in wild: 3
Severity breakdown: CRITICAL 1, HIGH 16, MEDIUM 42, LOW 4

Vulnerabilities

Page 1 of 4
Each entry below lists: CVE | priority | severity | CVSS / flags (KEV, Exploited, PoC) | affected version ranges | date; then the CWE and advisory title; then the description as recorded in the catalogue (some descriptions are cut off as in the source).

CVE-2016-0752 | P1 | HIGH | KEV, PoC | Affected: ≥ 4.0.0, < 4.1.14.1; ≥ 4.2.0, < 4.2.5.1; +1 more | 2017-10-24
CWE-22: Directory traversal vulnerability in Action View in Ruby on Rails
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a `..` (dot dot) in a pathname.

CVE-2014-0130 | P1 | HIGH | KEV | Affected: ≥ 3.0.0, < 3.2.18; ≥ 4.0.0, < 4.0.5; +1 more | 2017-10-24
CWE-22: actionpack Path Traversal vulnerability
Directory traversal vulnerability in `actionpack/lib/abstract_controller/base.rb` in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.

CVE-2013-0156 | P1 | HIGH | Exploited, PoC | Affected: ≥ 0, < 2.3.15; ≥ 3.0.0, < 3.0.19; +2 more | 2017-10-24
CWE-20: actionpack Improper Input Validation vulnerability
`active_support/core_ext/hash/conversions.rb` in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML e

CVE-2016-2098 | P2 | HIGH | PoC | Affected: ≥ 3.0.0, < 3.2.22.2; ≥ 4.0.0, < 4.1.14.2; +1 more | 2017-10-24
CWE-20: actionpack allows remote code execution via application's unrestricted use of render method
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

CVE-2021-22881 | P2 | MEDIUM | PoC | Affected: ≥ 6.0.0, < 6.0.3.5; ≥ 6.1.0, < 6.1.2.1 | 2021-03-02
CWE-601: Actionpack Open Redirect Vulnerability
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

CVE-2021-44528 | P3 | MEDIUM | CVSS 6.1, PoC | Affected: ≥ 6.0.0, < 6.0.4.2; ≥ 6.1.0, < 6.1.4.2 | 2021-12-14
CWE-601: actionpack Open Redirect in Host Authorization Middleware
Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. For example, configuration files that look like this: `config.hosts << '.EXAMPLE.co

CVE-2013-6414 | P3 | MEDIUM | PoC | Affected: ≥ 3.0.0, < 3.2.16; ≥ 4.0.0, < 4.0.2 | 2017-10-24
CWE-20: actionpack Improper Input Validation vulnerability
`actionpack/lib/action_view/lookup_context.rb` in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.

CVE-2008-7248 | P3 | MEDIUM | PoC | Affected: ≥ 2.1.0, < 2.1.3; ≥ 2.2.0, < 2.2.2 | 2017-10-24
CWE-20: Improper Input Validation in actionpack
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.

CVE-2020-8264 | P3 | MEDIUM | Affected: ≥ 6.0.0, < 6.0.3.4 | 2021-04-07
CWE-79: Cross-site scripting in actionpack
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode, allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware. Workarounds: Until such time as the patch can be

CVE-2011-3187 | P4 | MEDIUM | PoC | Affected: ≥ 2.3.0, < 2.3.13 | 2017-10-24
CWE-20: actionpack Improper Input Validation vulnerability
The `to_s` method in `actionpack/lib/action_dispatch/middleware/remote_ip.rb` in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.

CVE-2024-28103 | P3 | CRITICAL | CVSS 9.8 | Affected: ≥ 6.1.0, < 6.1.7.8; ≥ 7.0.0, < 7.0.8.4; +2 more | 2024-06-04
CWE-20: Missing security headers in Action Pack on non-HTML responses
Permissions-Policy is only served on HTML Content-Type. The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: >= 6.1.0. Not affected: < 6.1.0. Fixed Versions: 6.1.7.8, 7.0.8.4, and 7.1.3.4. Impact: Response

CVE-2023-22792 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 3.0.0, < 5.2.8.15; ≥ 6.0.0, < 6.1.7.1; +1 more | 2023-01-18
CWE-1333: ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792. Versions Affected: >= 3.0.0. Not affected: < 3.0.0. Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1. Impact: Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header, can cause

CVE-2020-8164 | P3 | HIGH | Affected: ≥ 5.0.0, < 5.2.4.3; ≥ 6.0.0, < 6.0.3.1 | 2020-05-26
CWE-502: Possible Strong Parameters Bypass in ActionPack
There is a strong parameters bypass vector in ActionPack. Versions Affected: rails = 5.2.4.3, rails >= 6.0.3.1. Impact: In some cases user supplied information can be inadvertently leaked from Strong Parameters. Specifically the return value of `each`, or `each_value`, or `each_pair` will return the underlying "untrusted" hash of data that was read from the parameters. Ap

CVE-2016-0751 | P3 | HIGH | Affected: ≥ 4.2.0, < 4.2.5.1; ≥ 0, < 3.2.22.1; +1 more | 2017-10-24
actionpack is vulnerable to denial of service via a crafted HTTP Accept header
`actionpack/lib/action_dispatch/http/mime_type.rb` in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via

CVE-2023-22795 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 4.0.0.beta1, < 6.1.7.1; ≥ 7.0.0, < 7.0.4.1 | 2023-01-18
CWE-1333: ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. Versions Affected: All. Not affected: None. Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1. Impact: A specially crafted HTTP If-None-Match header can cause the regular expr

CVE-2021-22904 | P3 | HIGH | Affected: ≥ 6.0.0, < 6.0.3.7; ≥ 6.1.0, < 6.1.3.2; +2 more | 2021-05-05
CWE-400: Possible DoS Vulnerability in Action Controller Token Authentication
There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. Versions Affected: >= 4.0.0. Not affected: < 4.0.0. Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6. Impact: Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication. Impact

CVE-2021-22885 | P3 | HIGH | Affected: ≥ 6.0.0, < 6.0.3.7; ≥ 6.1.0, < 6.1.3.2; +2 more | 2021-05-05
CWE-200: Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
Impact: There is a possible information disclosure / unintended method execution vulnerability in Action Pack when using the `redirect_to` or `polymorphic_url` helper with untrusted user input. Vulnerable code will look like this: `redirect_to(params[:some_param])`. All users running a

CVE-2024-47887 | P3 | MEDIUM | CVSS 6.6 | Affected: ≥ 4.0.0, < 6.1.7.9; ≥ 7.0.0, < 7.0.8.5; +2 more | 2024-10-15
CWE-1333: Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact: For applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may

CVE-2024-26142 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 7.1.0, < 7.1.3.1 | 2024-02-27
CWE-1333: Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: >= 7.1.0, < 7.1.3.1. Not affected: <

CVE-2012-2660 | P3 | MEDIUM | CVSS 4.3 | Affected: ≥ 3.0.0.beta, < 3.0.13; ≥ 3.1.0, < 3.1.5; +2 more | 2017-10-24
CWE-284: Action Pack contains database-query restrictions bypass
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform N