Actionpack Project Actionpack vulnerabilities
63 known vulnerabilities affecting actionpack_project/actionpack.
Total CVEs: 63
CISA KEV: 2 (actively exploited)
Public exploits: 7
Exploited in wild: 2
Severity breakdown: CRITICAL 1, HIGH 16, MEDIUM 42, LOW 4
Vulnerabilities
Page 2 of 4
CVE-2021-22903 | MEDIUM | CVSS 6.1 | Affected: ≥ 6.1.0.rc2, < 6.1.3.2 | Published: 2021-05-05
CVE-2021-22903 [MEDIUM] CWE-601 Possible Open Redirect Vulnerability in Action Pack
Possible Open Redirect Vulnerability in Action Pack
There is a possible Open Redirect Vulnerability in Action Pack.
Versions Affected: >= v6.1.0.rc2
Not affected: < v6.1.0.rc2
Fixed Versions: 6.1.3.2
Impact
This is similar to CVE-2021-22881. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicio
CVE-2020-8264 | MEDIUM | Affected: ≥ 6.0.0, < 6.0.3.4 | Published: 2021-04-07
CVE-2020-8264 [MEDIUM] CWE-79 Cross-site scripting in actionpack
Cross-site scripting in actionpack
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.
Workarounds
Until such time as the patch can be
CVE-2021-22881 | MEDIUM | PoC | Affected: ≥ 6.0.0, < 6.0.3.5; ≥ 6.1.0, < 6.1.2.1 | Published: 2021-03-02
CVE-2021-22881 [MEDIUM] CWE-601 Actionpack Open Redirect Vulnerability
Actionpack Open Redirect Vulnerability
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
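The two Host Authorization entries on this page (CVE-2021-22881 and CVE-2021-22903) both come down to how an allowed-host pattern is matched against the incoming Host header. The following is an added example written for this page, not Rails code and not a reproduction of the actual defect: it contrasts an unanchored substring match with a matcher that validates the hostname character set, strips the port and anchors the pattern. The `.example.com` wildcard syntax is assumed to mean the apex domain plus any subdomain, mirroring how `config.hosts` is commonly written; the helper names are mine.

```ruby
# Added illustration: why host-allowlist patterns must be anchored and matched
# against the bare hostname. NOT the Rails HostAuthorization code.

HOSTNAME_CHARS = /\A[a-z0-9.-]+\z/i

# "www.example.com:3000" -> "www.example.com" (bracketed IPv6 literals are not
# handled here; this is a simplification for the example).
def strip_port(host)
  host.sub(/:\d+\z/, "")
end

# Naive matcher: an unanchored regexp run over the raw Host header value.
# ".example.com" is found inside "www.example.com.attacker.tld" and inside
# "evil.tld/.example.com", so both are accepted.
def naive_allowed?(host, patterns)
  patterns.any? { |p| host =~ Regexp.new(Regexp.escape(p)) }
end

# Assumed pattern syntax: a leading dot means "the domain and any subdomain";
# anything else must match the whole hostname exactly.
def pattern_to_regexp(pattern)
  if pattern.start_with?(".")
    domain = Regexp.escape(pattern[1..])
    /\A(?:[a-z0-9-]+\.)*#{domain}\z/i
  else
    /\A#{Regexp.escape(pattern)}\z/i
  end
end

# Strict matcher: reject anything that is not a plausible hostname, drop the
# port, then require the whole remaining name to match an anchored pattern.
def strict_allowed?(host, patterns)
  name = strip_port(host.to_s)
  return false unless name.match?(HOSTNAME_CHARS)
  patterns.any? { |p| name.match?(pattern_to_regexp(p)) }
end
```

The practical check for an application on an affected release is the same one the strict matcher performs: every entry in `config.hosts` should describe a complete hostname (or an explicitly anchored regexp), and a request whose Host header carries `/`, `?` or `#` should be refused rather than matched.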
CVE-2020-8185 | MEDIUM | CVSS 6.5 | Affected: ≥ 6.0.0, < 6.0.3.2 | Published: 2020-06-24
CVE-2020-8185 [MEDIUM] CWE-400 Untrusted users can run pending migrations in production in Rails
Untrusted users can run pending migrations in production in Rails
There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
This vulnerability has been assigned the CVE identifier CVE-2020-8185.
Versions Affected: rails >= 6.0.0, < 6.0.3.2
Impact
Using this issue, an attacker would be able to execute an
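CVE-2020-8264 and CVE-2020-8185 both live in the ActionDispatch::ActionableExceptions middleware, and the upstream advisories for both give the same interim workaround: remove that middleware until the patched release is installed. The snippet below is an added configuration example for this page, not text taken from either advisory; the application module name is assumed.

```ruby
# config/application.rb (assumed location; any config/environments/*.rb works too)
module MyApp                       # assumed application module name
  class Application < Rails::Application
    # Interim workaround for CVE-2020-8264 / CVE-2020-8185: with the middleware
    # gone, the endpoints that trigger the pending migration and the
    # development-mode XSS are no longer routable.
    config.middleware.delete ActionDispatch::ActionableExceptions
  end
end
```

Verify with `bin/rails middleware`, whose output should no longer list ActionDispatch::ActionableExceptions. CVE-2020-8185 concerns production and CVE-2020-8264 development mode, so apply the deletion in every environment an untrusted user can reach, and still upgrade: 6.0.3.2 closes the migration issue and 6.0.3.4 the XSS.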
CVE-2020-8164 | HIGH | Affected: ≥ 5.0.0, < 5.2.4.3; ≥ 6.0.0, < 6.0.3.1 | Published: 2020-05-26
CVE-2020-8164 [HIGH] CWE-502 Possible Strong Parameters Bypass in ActionPack
Possible Strong Parameters Bypass in ActionPack
There is a strong parameters bypass vector in ActionPack.
Versions Affected: rails >= 5.0.0, < 5.2.4.3; rails >= 6.0.0, < 6.0.3.1
Fixed Versions: 5.2.4.3, 6.0.3.1
Impact
In some cases user supplied information can be inadvertently leaked from Strong Parameters. Specifically the return value of `each`, or `each_value`, or `each_pair` will return the underlying "untrusted" hash of data that was read from the parameters. Ap
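To make the `each_pair` leak concrete, here is an added, stand-alone Ruby model of the defect; it is not actionpack's code. `ToyParams` stands in for ActionController::Parameters and `ToyModel#assign_attributes` for ActiveModel's forbidden-attributes guard, which rejects parameter objects that were never permitted but trusts a plain Hash as-is. The sample request body is constructed.

```ruby
# Added illustration of CVE-2020-8164. NOT ActionController::Parameters.
class ToyParams
  def initialize(hash, permitted: false)
    @hash = hash
    @permitted = permitted
  end

  def permitted?
    @permitted
  end

  def to_h
    raise ArgumentError, "unpermitted parameters" unless @permitted
    @hash.dup
  end

  # Vulnerable shape: Hash#each_pair returns its receiver, so the caller gets
  # the raw, unfiltered hash back and the wrapper's permitted? guard is gone.
  def each_pair_vulnerable(&block)
    @hash.each_pair(&block)
  end

  # Fixed shape: iterate, then hand back the wrapper instead of the hash.
  def each_pair_fixed(&block)
    @hash.each_pair(&block)
    self
  end
end

# Stand-in for ActiveModel's ForbiddenAttributesProtection: a parameters
# object that is not permitted is rejected, a plain Hash is trusted.
class ToyModel
  attr_reader :attributes

  def initialize
    @attributes = {}
  end

  def assign_attributes(attrs)
    if attrs.respond_to?(:permitted?) && !attrs.permitted?
      raise ArgumentError, "forbidden attributes: parameters were not permitted"
    end
    attrs.to_h.each { |k, v| @attributes[k] = v }
    self
  end
end

# Constructed request body; "admin" was never on any permit list.
RAW_PARAMS = { "name" => "alice", "admin" => true }.freeze

# What a model ends up with when the each_pair return value is passed on,
# e.g. `user.assign_attributes(params.each_pair { |k, v| log(k) })`.
def attributes_via_vulnerable_each
  leaked = ToyParams.new(RAW_PARAMS.dup).each_pair_vulnerable { |_k, _v| }
  ToyModel.new.assign_attributes(leaked).attributes
end

# Same call shape against the fixed wrapper: the guard fires.
def attributes_via_fixed_each
  wrapper = ToyParams.new(RAW_PARAMS.dup).each_pair_fixed { |_k, _v| }
  ToyModel.new.assign_attributes(wrapper).attributes
end
```

The audit question this raises for an affected codebase is whether any `params.each`, `each_value` or `each_pair` result is stored or passed anywhere; chaining the iteration is the dangerous pattern, not the iteration itself.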
CVE-2020-8166 | MEDIUM | Affected: ≥ 5.0.0, < 5.2.4.3; ≥ 6.0.0, < 6.0.3.1 | Published: 2020-05-26
CVE-2020-8166 [MEDIUM] CWE-352 Ability to forge per-form CSRF tokens in Rails
Ability to forge per-form CSRF tokens in Rails
It is possible to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token for any action for that session.
Impact
Given the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for that session.
Workarounds
This is a low-severity security issue. As such, no wor
CVE-2016-0752 | HIGH | KEV, PoC | Affected: ≥ 4.0.0, < 4.1.14.1; ≥ 4.2.0, < 4.2.5.1; +1 more | Published: 2017-10-24
CVE-2016-0752 [HIGH] CWE-22 Directory traversal vulnerability in Action View in Ruby on Rails
Directory traversal vulnerability in Action View in Ruby on Rails
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a `..` (dot dot) in a pathname.
CVE-2016-0751 | HIGH | Affected: ≥ 4.2.0, < 4.2.5.1; ≥ 0, < 3.2.22.1; +1 more | Published: 2017-10-24
CVE-2016-0751 [HIGH] actionpack is vulnerable to denial of service via a crafted HTTP Accept header
actionpack is vulnerable to denial of service via a crafted HTTP Accept header
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via
CVE-2016-2097 | HIGH | CVSS 7.5 | Affected: ≥ 3.0.0, < 3.2.22.2; ≥ 4.0.0, < 4.1.14.2 | Published: 2017-10-24
CVE-2016-2097 [HIGH] CWE-22 actionview contains Path Traversal vulnerability
actionview contains Path Traversal vulnerability
There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all possible scenarios. This vulnerability has been assigned the CVE identifier CVE-2016-2097.
Versions Affected: 3.2.x, 4.0.x, 4.1.x
Not affected: 4.2+
Fixed Versions: 3.2.22.2, 4.1.14.2
Impact
A
CVE-2015-7581 | HIGH | Affected: ≥ 4.0.0, < 4.2.5.1 | Published: 2017-10-24
CVE-2015-7581 [HIGH] actionpack is vulnerable to denial of service because of a wildcard controller route
actionpack is vulnerable to denial of service because of a wildcard controller route
actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route.
CVE-2011-0449 | HIGH | Affected: ≥ 3.0.0, < 3.0.4 | Published: 2017-10-24
CVE-2011-0449 [HIGH] actionpack allows remote attackers to bypass intended access restrictions
actionpack allows remote attackers to bypass intended access restrictions
`actionpack/lib/action_view/template/resolver.rb` in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended ca
CVE-2016-2098 | HIGH | PoC | Affected: ≥ 3.0.0, < 3.2.22.2; ≥ 4.0.0, < 4.1.14.2; +1 more | Published: 2017-10-24
CVE-2016-2098 [HIGH] CWE-20 actionpack allows remote code execution via application's unrestricted use of render method
actionpack allows remote code execution via application's unrestricted use of render method
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
CVE-2014-0130 | HIGH | KEV | Affected: ≥ 3.0.0, < 3.2.18; ≥ 4.0.0, < 4.0.5; +1 more | Published: 2017-10-24
CVE-2014-0130 [HIGH] CWE-22 actionpack Path Traversal vulnerability
actionpack Path Traversal vulnerability
Directory traversal vulnerability in `actionpack/lib/abstract_controller/base.rb` in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
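CVE-2016-0752, CVE-2016-2097, CVE-2016-2098 and CVE-2014-0130 above all stem from a client-controlled value reaching `render`, either explicitly or through implicit rendering of a globbed route. The following is an added Ruby example for this page, not Rails code: it resolves a page name the way a naive `render params[:page]` would, then shows the hardened form with an allowlist, a type check (render treats a Hash argument as render options, which is how CVE-2016-2098 reaches inline templates) and a containment check. `VIEW_ROOT`, the page names and the function names are assumptions.

```ruby
require "pathname"

VIEW_ROOT     = Pathname.new("/app/views/pages")   # assumed view directory
ALLOWED_PAGES = %w[about contact pricing].freeze   # assumed allowlist

# Vulnerable shape, the equivalent of `render params[:page]`: whatever the
# client sent is joined onto the view root and normalised, so "../" walks out.
def resolve_page_unsafe(name)
  VIEW_ROOT.join(name).cleanpath.to_s
end

# True only if the normalised path is VIEW_ROOT itself or somewhere below it.
def contained?(path)
  p = Pathname.new(path).cleanpath.to_s
  p == VIEW_ROOT.to_s || p.start_with?("#{VIEW_ROOT}/")
end

# Hardened shape: refuse non-String arguments (a Hash such as
# {"inline" => "..."} would become render options), require the name to be on
# the allowlist, and still verify containment so a later change to the
# allowlist cannot silently reintroduce traversal.
def resolve_page_safe(name)
  raise ArgumentError, "page name must be a String" unless name.is_a?(String)
  raise ArgumentError, "page not allowed: #{name.inspect}" unless ALLOWED_PAGES.include?(name)
  path = VIEW_ROOT.join(name).cleanpath.to_s
  raise ArgumentError, "page escapes view root" unless contained?(path)
  path
end
```

The same shape applies to the implicit-render case in CVE-2014-0130: a `*path` glob that is later used as a template name needs the allowlist and containment checks before it is handed to the view resolver.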
CVE-2013-0156 | HIGH | PoC | Affected: ≥ 0, < 2.3.15; ≥ 3.0.0, < 3.0.19; +2 more | Published: 2017-10-24
CVE-2013-0156 [HIGH] CWE-20 actionpack Improper Input Validation vulnerability
actionpack Improper Input Validation vulnerability
`active_support/core_ext/hash/conversions.rb` in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML e
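The description of CVE-2013-0156 centres on unrestricted casts of string values. Added Ruby example for this page, not the ActiveSupport parser: `cast_unsafe` mirrors the shape of a typecast that honours whatever `type` attribute the request supplies, including `yaml` (arbitrary object revival) and `symbol`, while `cast_safe` keeps a closed allowlist of scalar casts. `Injected`, the function names and the payload are constructed for the demonstration.

```ruby
require "yaml"

# Constructed class standing in for whatever an attacker wants revived.
class Injected
  attr_accessor :cmd
end

# Pre-fix shape: the cast is chosen by the request's own type attribute and
# the set of casts is open-ended. "yaml" revives arbitrary objects; "symbol"
# interns attacker-chosen strings.
def cast_unsafe(type, text)
  case type
  when "integer" then Integer(text)
  when "boolean" then text == "true"
  when "symbol"  then text.to_sym
  when "yaml"    then YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(text) : YAML.load(text)
  else text
  end
end

# Hardened shape: a closed allowlist of scalar casts; any other type
# attribute is ignored and the value stays a literal String.
SAFE_CASTS = {
  "integer" => ->(t) { Integer(t) },
  "boolean" => ->(t) { t == "true" },
}.freeze

def cast_safe(type, text)
  caster = SAFE_CASTS[type]
  caster ? caster.call(text) : text
end

# Constructed payload as it would arrive inside <cmd type="yaml">...</cmd>.
YAML_PAYLOAD = "--- !ruby/object:Injected\ncmd: id\n".freeze
```

On a current Ruby the unsafe branch has to call `YAML.unsafe_load` explicitly, because `YAML.load` has been the safe loader since Psych 4; the fallback is there so the example also runs on older interpreters where `YAML.load` still revives objects.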
CVE-2011-2197 | MEDIUM | Affected: ≥ 2.0.0, < 2.3.12; ≥ 3.0.0, < 3.0.8 | Published: 2017-10-24
CVE-2011-2197 [MEDIUM] CWE-79 rails Cross-site Scripting vulnerability
rails Cross-site Scripting vulnerability
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.
CVE-2013-1857 | MEDIUM | Affected: ≥ 0, < 2.3.18; ≥ 3.0.0, < 3.1.12; +1 more | Published: 2017-10-24
CVE-2013-1857 [MEDIUM] CWE-79 actionpack Cross-site Scripting vulnerability
actionpack Cross-site Scripting vulnerability
The sanitize helper in `lib/action_controller/vendor/html-scanner/html/sanitizer.rb` in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded `:` (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme n
CVE-2009-3009 | MEDIUM | Affected: ≥ 2.0.0, < 2.2.3; ≥ 2.3.0, < 2.3.4 | Published: 2017-10-24
CVE-2009-3009 [MEDIUM] CWE-79 Cross site scripting that affects rails
Cross site scripting that affects rails
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.
CVE-2011-0447 | MEDIUM | CVSS 6.8 | Affected: ≥ 2.1.0, < 2.3.11; ≥ 3.0.0, < 3.0.4 | Published: 2017-10-24
CVE-2011-0447 [MEDIUM] CWE-352 actionpack Cross-Site Request Forgery vulnerability
actionpack Cross-Site Request Forgery vulnerability
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a r
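An added Ruby sketch of the request check CVE-2011-0447 describes, with the corrected form beside it. This is not Rails code; the function names, the header names and the in-memory session token are assumptions. The point is that a header any client can set is not evidence of a same-origin request, so the authenticity token has to be checked on every unsafe method.

```ruby
require "securerandom"

# Constructed stand-in for the token the server keeps in the user's session.
SESSION_TOKEN = SecureRandom.hex(16)

SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

# Constant-time string comparison so the token check itself leaks nothing.
def secure_compare(a, b)
  return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Pre-fix shape (Rails before 2.3.11 / 3.0.4): a request carrying
# X-Requested-With: XMLHttpRequest is exempted from the token check, on the
# assumption that only same-origin script could have set that header.
def verified_request_vulnerable?(method, headers, params)
  return true if SAFE_METHODS.include?(method.upcase)
  return true if headers["X-Requested-With"] == "XMLHttpRequest"
  secure_compare(params["authenticity_token"], SESSION_TOKEN)
end

# Fixed shape: the header buys nothing. Every unsafe request must present the
# session token, as the form field or as the X-CSRF-Token header.
def verified_request_fixed?(method, headers, params)
  return true if SAFE_METHODS.include?(method.upcase)
  token = params["authenticity_token"] || headers["X-CSRF-Token"]
  secure_compare(token, SESSION_TOKEN)
end

# Constructed forged request: a cross-site POST that carries the XHR header
# but, having no access to the victim's session, no token.
FORGED = {
  method: "POST",
  headers: { "X-Requested-With" => "XMLHttpRequest" },
  params: {},
}.freeze
```

The exemption looked safe because a browser's own XMLHttpRequest could not send the header cross-origin; the advisory's point is that plugin-initiated requests and redirects could, which is exactly the gap between "this header is usually same-origin" and "this request carries a secret only the real page knows".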
CVE-2011-2929 | MEDIUM | Affected: ≥ 3.0.0, < 3.0.10 | Published: 2017-10-24
CVE-2011-2929 [MEDIUM] CWE-20 actionpack Improper Input Validation vulnerability
actionpack Improper Input Validation vulnerability
The template selection functionality in `actionpack/lib/action_view/template/resolver.rb` in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability."
CVE-2012-3465 | MEDIUM | Affected: ≥ 3.0.0.beta, < 3.0.17; ≥ 3.1.0, < 3.1.8; +2 more | Published: 2017-10-24
CVE-2012-3465 [MEDIUM] CWE-79 actionpack Cross-site Scripting vulnerability
actionpack Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.