Description
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the redirect_to or polymorphic_url helper with untrusted user input.
A flaw was found in rubygem-actionpack. Information disclosure or unintended method execution is possible when using the redirect_to or polymorphic_url helper with untrusted user input. The highest threat from this vulnerability is to data confidentiality.
Report
Red Hat CloudForms is in the maintenance phase and we will not be fixing Medium/Low impact security bugs. Reference: https://access.redhat.com/support/policy/updates/cloudforms
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | cfme-gemset | Will not fix | | |
| Red Hat 3scale API Management Platform 2 | system | Affected | | |
| Red Hat Satellite 6 | tfm-ror52-rubygem-actionpack | Will not fix | | |
| Red Hat Satellite 6.10 for RHEL 7 | tfm-rubygem-actionpack | Fixed | RHSA-2021:4702 | 16.11.2021 |
Additional information
Status:
7.5 High
CVSS3
Related vulnerabilities
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url` helper with untrusted user input.
A possible information disclosure / unintended method execution vulner ...
7.5 High
CVSS3