Vulnerabilities (CVE)

Filtered by vendor Rubyonrails Subscribe
Filtered by product Actionpack Page-caching
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22885 1 Rubyonrails 2 Actionpack Page-caching, Rails 2021-08-05 5.0 MEDIUM 7.5 HIGH
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
CVE-2020-8159 1 Rubyonrails 1 Actionpack Page-caching 2021-07-23 7.5 HIGH 9.8 CRITICAL
There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.