exploitDog

CVE-2022-22577

Published: 27 Apr 2022
Source: redhat
CVSS3: 7.5

Description

An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.

A flaw was found in rubygem-actionpack where CSP headers were sent with responses that Rails considered "HTML" responses. This flaw allows an attacker to leave API requests without CSP headers and perform a Cross-site scripting attack.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| CloudForms Management Engine 5 | actionpack | Out of support scope | | |
| Red Hat 3scale API Management Platform 2 | actionpack | Will not fix | | |
| Red Hat Satellite 6.13 for RHEL 8 | rubygem-actionpack | Fixed | RHSA-2023:2097 | 03.05.2023 |

Additional information

Status: Moderate
Weakness: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2080302
rubygem-actionpack: Possible cross-site scripting vulnerability in Action Pack

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 6.1
ubuntu
more than 3 years ago

An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.

CVSS3: 6.1
nvd
more than 3 years ago

An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.

CVSS3: 6.1
debian
more than 3 years ago

An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could al ...

CVSS3: 6.1
github
almost 4 years ago

Cross-site Scripting Vulnerability in Action Pack
