Actionpack Project Actionpack vulnerabilities
63 known vulnerabilities affecting actionpack_project/actionpack.
Total CVEs: 63
CISA KEV: 2 (actively exploited)
Public exploits: 8
Exploited in wild: 3
Severity breakdown: CRITICAL 1, HIGH 16, MEDIUM 42, LOW 4
Vulnerabilities
Page 2 of 4
CVE-2011-0449 | P3 | HIGH | Affected: ≥ 3.0.0, < 3.0.4 | Published: 2017-10-24
CVE-2011-0449 [HIGH] actionpack allows remote attackers to bypass intended access restrictions
`actionpack/lib/action_view/template/resolver.rb` in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended ca
Sources: GHSA, OSV
CVE-2024-41128 | P3 | MEDIUM | CVSS 6.6 | Affected: ≥ 3.1.0, < 6.1.7.9; ≥ 7.0.0, < 7.0.8.5; +2 more | Published: 2024-10-15
CVE-2024-41128 [MEDIUM] CWE-770 Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128.
Impact
Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in
Sources: GHSA, OSV
CVE-2021-22902 | P3 | HIGH | Affected: ≥ 6.0.0, < 6.0.3.7; ≥ 6.1.0, < 6.1.3.2 | Published: 2021-05-05
CVE-2021-22902 [HIGH] CWE-400 Denial of Service in Action Dispatch
Impact
There is a possible Denial of Service vulnerability in Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.
Releases
The fixed releases are available at the normal locations.
Workarounds
The following monkey patch placed in an initializer can be used to work around the iss
Sources: GHSA, OSV
CVE-2015-7581 | P3 | HIGH | Affected: ≥ 4.0.0, < 4.2.5.1 | Published: 2017-10-24
CVE-2015-7581 [HIGH] actionpack is vulnerable to denial of service because of a wildcard controller route
actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route.
Sources: GHSA, OSV
CVE-2016-2097 | P4 | HIGH | CVSS 7.5 | Affected: ≥ 3.0.0, < 3.2.22.2; ≥ 4.0.0, < 4.1.14.2 | Published: 2017-10-24
CVE-2016-2097 [HIGH] CWE-22 actionview contains Path Traversal vulnerability
There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all possible scenarios. This vulnerability has been assigned the CVE identifier CVE-2016-2097.
Versions Affected: 3.2.x, 4.0.x, 4.1.x
Not affected: 4.2+
Fixed Versions: 3.2.22.2, 4.1.14.2
Impact
A
Sources: GHSA, OSV
CVE-2013-6417 | P4 | MEDIUM | CVSS 6.4 | Affected: ≥ 3.0.0, < 3.2.16; ≥ 4.0.0, < 4.0.2 | Published: 2017-10-24
CVE-2013-6417 [MEDIUM] CWE-284 actionpack allows bypass of database-query restrictions
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE cla
Sources: GHSA, OSV
CVE-2014-7829 | P4 | MEDIUM | CVSS 4.3 | Affected: ≥ 4.1.0, < 4.1.8; ≥ 3.0.0, < 3.2.21; +2 more | Published: 2017-10-24
CVE-2014-7829 [MEDIUM] CWE-22 Directory traversal vulnerability in actionpack
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash
Sources: GHSA, OSV
CVE-2022-23633 | P4 | HIGH | Affected: ≥ 5.0.0.0, < 5.2.6.2; ≥ 6.0.0.0, < 6.0.4.6; +2 more | Published: 2022-02-11
CVE-2022-23633 [HIGH] CWE-200 Exposure of information in Action Pack
### Impact
Under certain circumstances response bodies will not be closed, for example a [bug in a webserver](https://github.com/puma/puma/pull/2812) or a bug in a Rack middleware. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests, esp
Sources: GHSA, OSV
CVE-2020-8185 | P4 | MEDIUM | CVSS 6.5 | Affected: ≥ 6.0.0, < 6.0.3.2 | Published: 2020-06-24
CVE-2020-8185 [MEDIUM] CWE-400 Untrusted users can run pending migrations in production in Rails
There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
This vulnerability has been assigned the CVE identifier CVE-2020-8185.
Versions Affected: ≥ 6.0.0, < 6.0.3.2
Impact
Using this issue, an attacker would be able to execute an
Sources: GHSA, OSV
CVE-2012-2694 | P4 | MEDIUM | CVSS 6.4 | Affected: ≥ 3.0.13, < 3.0.14; ≥ 3.1.0, < 3.1.6; +1 more | Published: 2017-10-24
CVE-2012-2694 [MEDIUM] actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, whi
Sources: GHSA, OSV
CVE-2022-22577 | P4 | MEDIUM | CVSS 6.1 | Affected: ≥ 5.2.0, < 5.2.7.1; ≥ 6.0.0, < 6.0.4.8; +2 more | Published: 2022-04-27
CVE-2022-22577 [MEDIUM] CWE-79 Cross-site Scripting Vulnerability in Action Pack
There is a possible XSS vulnerability in Rails / Action Pack. This vulnerability has been assigned the CVE identifier CVE-2022-22577.
Versions Affected: >= 5.2.0
Not affected: < 5.2.0
Fixed Versions: 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1
## Impact
CSP headers were only sent along with responses that Rails considered as "HTML" responses. This left API requests withou
Sources: GHSA, OSV
CVE-2015-7576 | P4 | LOW | Affected: ≥ 3.1.0, < 3.2.22.1; ≥ 4.0.0, < 4.1.14.1 | Published: 2017-10-24
CVE-2015-7576 [LOW] actionpack is vulnerable to remote bypass authentication
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes
Sources: GHSA, OSV
CVE-2021-22903 | P4 | MEDIUM | CVSS 6.1 | Affected: ≥ 6.1.0.rc2, < 6.1.3.2 | Published: 2021-05-05
CVE-2021-22903 [MEDIUM] CWE-601 Possible Open Redirect Vulnerability in Action Pack
There is a possible Open Redirect Vulnerability in Action Pack.
Versions Affected: >= v6.1.0.rc2
Not affected: < v6.1.0.rc2
Fixed Versions: 6.1.3.2
Impact
This is similar to CVE-2021-22881. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicio
Sources: GHSA, OSV
CVE-2024-26143 | P4 | MEDIUM | CVSS 6.1 | Affected: ≥ 7.0.0, < 7.0.8.1; ≥ 7.1.0, < 7.1.3.1 | Published: 2024-02-27
CVE-2024-26143 [MEDIUM] CWE-79 Rails has possible XSS Vulnerability in Action Controller
# Possible XSS Vulnerability in Action Controller
There is a possible XSS vulnerability when using the translation helpers (`translate`, `t`, etc) in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143.
Versions Affected: >= 7.0.0.
Not affected: < 7.0.0
Fixed Versions: 7.1.3.1, 7.0.8.1
Impact
Applications usin
Sources: GHSA, OSV
CVE-2014-7818 | P4 | MEDIUM | CVSS 4.3 | Affected: ≥ 0, < 3.2.21; ≥ 4.0.0, < 4.0.12; +1 more | Published: 2018-09-17
CVE-2014-7818 [MEDIUM] Moderate severity vulnerability that affects actionpack
Withdrawn, accidental duplicate publish.
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root
Sources: GHSA, OSV
CVE-2011-0447 | P4 | MEDIUM | CVSS 6.8 | Affected: ≥ 2.1.0, < 2.3.11; ≥ 3.0.0, < 3.0.4 | Published: 2017-10-24
CVE-2011-0447 [MEDIUM] CWE-352 actionpack Cross-Site Request Forgery vulnerability
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a r
Sources: GHSA, OSV
CVE-2023-22797 | P4 | MEDIUM | CVSS 6.1 | Affected: ≥ 7.0.0, < 7.0.4.1 | Published: 2023-02-09
CVE-2023-22797 [MEDIUM] CWE-601 CVE-2023-22797: An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redire
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an
Sources: GHSA, NVD, OSV
CVE-2011-2929 | P4 | MEDIUM | Affected: ≥ 3.0.0, < 3.0.10 | Published: 2017-10-24
CVE-2011-2929 [MEDIUM] CWE-20 actionpack Improper Input Validation vulnerability
The template selection functionality in `actionpack/lib/action_view/template/resolver.rb` in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability."
Sources: GHSA, OSV
CVE-2014-0082 | P4 | MEDIUM | Affected: ≥ 3.0.0, < 3.2.17 | Published: 2017-10-24
CVE-2014-0082 [MEDIUM] CWE-20 actionpack Improper Input Validation vulnerability
`actionpack/lib/action_view/template/text.rb` in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the `:text` option to the `render` method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
Sources: GHSA, OSV
CVE-2021-22942 | P4 | MEDIUM | CVSS 6.1 | Affected: ≥ 6.0.0, < 6.0.4.1; ≥ 6.1.0, < 6.1.4.1 | Published: 2021-08-26
CVE-2021-22942 [MEDIUM] CWE-601 Open Redirect in ActionPack
# Overview
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22942.
Versions Affected: >= 6.0.0.
Not affected: < 6.0.0
Fixed Versions: 6.1.4.1, 6.0.4.1
# Impact
Specially crafted “X-Forwarded-Host” headers in combination with certain “allowed host” formats can cause the Host Authorization m
Sources: GHSA, OSV