exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2018-16477

около 7 лет назад

A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1.

CVSS3: 6.5

EPSS: Низкий

CVE-2018-16477

около 7 лет назад

A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1.

CVSS3: 6.5

EPSS: Низкий

CVE-2018-16477

около 7 лет назад

A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Sto ...

CVSS3: 6.5

EPSS: Низкий

GHSA-7rr7-rcjw-56vj

около 7 лет назад

Exposure of Sensitive Information to an Unauthorized Actor in activestorage

CVSS3: 6.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2018-16477 A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1.	CVSS3: 6.5	0% Низкий	около 7 лет назад
CVE-2018-16477 A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1.	CVSS3: 6.5	0% Низкий	около 7 лет назад
CVE-2018-16477 A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Sto ...	CVSS3: 6.5	0% Низкий	около 7 лет назад
GHSA-7rr7-rcjw-56vj Exposure of Sensitive Information to an Unauthorized Actor in activestorage	CVSS3: 6.5	0% Низкий	около 7 лет назад

Уязвимостей на страницу