Skip to main content

Actionpack Page Caching

2 CVEs product

Monthly

CVE-2021-22885 Ruby HIGH POC PATCH This Week

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rails Actionpack Page Caching Debian Linux
NVD
CVSS 3.1
7.5
EPSS
4.2%
CVE-2020-8159 Ruby CRITICAL PATCH Act Now

There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Actionpack Page Caching Debian Linux
NVD
CVSS 3.1
9.8
EPSS
5.2%
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rails Actionpack Page Caching +1
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Actionpack Page Caching +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy