CVE-2024-28103

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application-configurable Permissions-Policy is only served on responses with an HTML-related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.

Configurations

Configuration 1

OR cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:7.2.0:beta1:*:*:*:*:*:*

History

11 Jun 2024, 15:27

| Type | Values Removed | Values Added |
|---|---|---|
| CWE | | NVD-CWE-noinfo |
| First Time | | Rubyonrails, Rubyonrails rails |
| CPE | | cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*, cpe:2.3:a:rubyonrails:rails:7.2.0:beta1:*:*:*:*:*:* |
| CVSS | v2 : unknown, v3 : 5.4 | v2 : unknown, v3 : 9.8 |
| References | () https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523 - | () https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523 - Patch |
| References | () https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7 - | () https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7 - Vendor Advisory |

05 Jun 2024, 12:53

| Type | Values Removed | Values Added |
|---|---|---|
| Summary | | (es) Action Pack es un framework para manejar y responder a solicitudes web. Desde 6.1.0, la Política de permisos configurable de la aplicación solo se ofrece en respuestas con un tipo de contenido relacionado con HTML. Esta vulnerabilidad se solucionó en 6.1.7.8, 7.0.8.2 y 7.1.3.3. |

04 Jun 2024, 20:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-06-04 20:15

Updated : 2024-06-11 15:27


NVD link : CVE-2024-28103

Mitre link : CVE-2024-28103

CVE.ORG link : CVE-2024-28103


Products Affected

rubyonrails

  • rails

CWE

NVD-CWE-noinfo
CWE-20: Improper Input Validation