Actionpack
This hub aggregates every CVE we track for Actionpack, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- 63 CVEs tracked
- 0 Critical
- 15 High
- 2 in CISA KEV
Severity distribution: Medium 44, High 15, Low 4
Monthly trend, 2024-07 to 2026-06 (new CVEs per month, in chart order): 0, 0, 0, 2, 0, 1, 1, then 0 for each of the remaining 17 months.
Latest CVEs
The 15 most recently published vulnerabilities affecting Actionpack.
- CVE-2023-28362: The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC com... (score 4.0)
- CVE-2024-54133: Possible Content Security Policy bypass in Action Dispatch (score 4.3)
- CVE-2024-47887: Action Controller has possible ReDoS vulnerability in HTTP Token authentication (score 3.7)
- CVE-2024-41128: Action Dispatch has possible ReDoS vulnerability in query parameter filtering (score 3.7)
- CVE-2024-28103: Action Pack is missing security headers on non-HTML responses (score 5.4)
- CVE-2024-26143: Rails possible XSS vulnerability in Action Controller (score 6.1)
- CVE-2024-26142: Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch (score 7.5)
- CVE-2023-22792: A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header, can caus... (score 7.5)
- CVE-2023-22797: An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully... (score 6.1)
- CVE-2023-22795: A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expres... (score 7.5)
- CVE-2022-3704: Ruby on Rails _table.html.erb cross site scripting (score 3.5)
- CVE-2022-27777: An XSS vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. (score 6.1)
- CVE-2022-22577: An XSS vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non-HTML-like responses. (score 6.1)
- CVE-2022-23633: Exposure of sensitive information in Action Pack (score 7.4)
- CVE-2021-44528: An open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft an "X-Forwarded-Host" header which, in combination with certain "allowed host" formats, can cause the Host... (score 6.1)
Product normalization is registry-driven with AI assist and human review.