
CVE-2022-22577

Published: May 26, 2022
Source: debian

Description

An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| rails | fixed | 2:6.1.6.1+dfsg-1 | | package |

Notes

  • https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533

  • https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec (v6.1.5.1)

  • https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508 (v6.0.4.8)

  • https://github.com/rails/rails/commit/d2253115ac2b30f5f7210670af906cebf79cf809 (v5.2.7.1)

Related vulnerabilities

CVSS3: 6.1
ubuntu
more than 3 years ago

An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.

CVSS3: 7.5
redhat
almost 4 years ago

An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.

CVSS3: 6.1
nvd
more than 3 years ago

An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.

CVSS3: 6.1
github
almost 4 years ago

Cross-site Scripting Vulnerability in Action Pack