CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32464 – ActionText ContentAttachment can Contain Unsanitized HTML
https://notcve.org/view.php?id=CVE-2024-32464
04 Jun 2024 — Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2. Action Text trae contenido de texto enriquecido y edición a Rails. Las instancias de ActionText::Attachable::ContentAttachment incluidas dentro de una etiqueta rich_text_area podrían contener HTML no sanitizado. • https://github.com/rails/rails/commit/e215bf3360e6dfe1497c1503a495e384ed6b0995 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28103 – Action Pack is missing security headers on non-HTML responses
https://notcve.org/view.php?id=CVE-2024-28103
04 Jun 2024 — Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3. Action Pack es un framework para manejar y responder a solicitudes web. Desde 6.1.0, la Política de permisos configurable de la aplicación solo se ofrece en respuestas con un tipo de contenido relacionado con HTML. • https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22795 – rubygem-actionpack: Denial of Service in Action Dispatch
https://notcve.org/view.php?id=CVE-2023-22795
09 Feb 2023 — A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. A flaw ... • https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.8EPSS: 2%CPEs: 3EXPL: 0CVE-2023-22792 – rubygem-actionpack: Denial of Service in Action Dispatch
https://notcve.org/view.php?id=CVE-2023-22792
09 Feb 2023 — A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. A flaw was found in the ru... • https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22797
https://notcve.org/view.php?id=CVE-2023-22797
09 Feb 2023 — An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability. • https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25015
https://notcve.org/view.php?id=CVE-2023-25015
02 Feb 2023 — Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. • https://github.com/ankane/clockwork_web/commit/ec2896503ee231588547c2fad4cb93a94e78f857 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-652: Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 2CVE-2022-23520 – rails-html-sanitizer contains an incomplete fix for an XSS vulnerability
https://notcve.org/view.php?id=CVE-2022-23520
14 Dec 2022 — rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched ... • https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2022-23519 – Possible XSS vulnerability with certain configurations of rails-html-sanitizer
https://notcve.org/view.php?id=CVE-2022-23519
14 Dec 2022 — rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in ver... • https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23518 – Improper neutralization of data URIs allows XSS in rails-html-sanitizer
https://notcve.org/view.php?id=CVE-2022-23518
14 Dec 2022 — rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4. rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Las versiones >= 1.0.3, < 1.4.4 son vulnerables a Cross-Site Scripting (XSS) a través de URI de datos cuando se usan en combinación con Loofah >= 2.1.0. Este p... • https://github.com/rails/rails-html-sanitizer/issues/135 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23517 – Inefficient Regular Expression Complexity in rails-html-sanitizer
https://notcve.org/view.php?id=CVE-2022-23517
14 Dec 2022 — rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4. rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Ciertas configuraciones de ... • https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979 • CWE-1333: Inefficient Regular Expression Complexity •