CVE-2023-22797
https://notcve.org/view.php?id=CVE-2023-22797
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However, the check that was introduced could be bypassed by an attacker with a carefully crafted URL, resulting in an open redirect vulnerability.
• https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-22577 – rubygem-actionpack: Possible cross-site scripting vulnerability in Action Pack
https://notcve.org/view.php?id=CVE-2022-22577
An XSS vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non-HTML-like responses. A flaw was found in rubygem-actionpack where CSP headers were sent with responses that Rails considered "HTML" responses. This flaw allows an attacker to leave API requests without CSP headers and perform a cross-site scripting attack.
• https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533
• https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
• https://security.netapp.com/advisory/ntap-20221118-0002
• https://www.debian.org/security/2023/dsa-5372
• https://access.redhat.com/security/cve/CVE-2022-22577
• https://bugzilla.redhat.com/show_bug.cgi?id=2080302
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-27777 – tfm-rubygem-actionview: Possible cross-site scripting vulnerability in Action View tag helpers
https://notcve.org/view.php?id=CVE-2022-27777
An XSS vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. A flaw was found in rubygem-actionview when untrusted data, such as the hash key for tag attributes, is not properly escaped. This flaw allows an attacker to perform a cross-site scripting attack.
• https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534
• https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
• https://www.debian.org/security/2023/dsa-5372
• https://access.redhat.com/security/cve/CVE-2022-27777
• https://bugzilla.redhat.com/show_bug.cgi?id=2080296
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-22885 – rubygem-actionpack: Possible Information Disclosure / Unintended Method Execution in Action Pack
https://notcve.org/view.php?id=CVE-2021-22885
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url` helper with untrusted user input. A flaw was found in rubygem-actionpack. Information disclosure or unintended method execution is possible when using the `redirect_to` or `polymorphic_url` helper with untrusted user input. The highest threat from this vulnerability is to data confidentiality.
• https://hackerone.com/reports/1106652
• https://security.netapp.com/advisory/ntap-20210805-0009
• https://www.debian.org/security/2021/dsa-4929
• https://access.redhat.com/security/cve/CVE-2021-22885
• https://bugzilla.redhat.com/show_bug.cgi?id=1957441
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2020-8159
https://notcve.org/view.php?id=CVE-2020-8159
There is a vulnerability in the actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.
• https://groups.google.com/forum/#%21topic/rubyonrails-security/CFRVkEytdP8
• https://lists.debian.org/debian-lts-announce/2021/07/msg00019.html
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')