Ruby/actionpack/7.0.8.5


Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

https://rubygems.org/gems/actionpack
MIT

1 Security Vulnerabilities

Possible Content Security Policy bypass in Action Dispatch

Published date: 2024-12-10T22:42:27Z
CVE: CVE-2024-54133
Links:

There is a possible Cross Site Scripting (XSS) vulnerability in the content_security_policy helper in Action Pack.

Impact

Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks.

Releases

The fixed releases are available at the normal locations.

Workarounds

Applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.

Credits

Thanks to ryotak for the report!

Affected versions: ["8.0.0", "7.2.0", "7.2.1", "7.2.1.1", "7.2.1.2", "7.2.2", "7.1.0", "7.1.1", "7.1.2", "7.1.3", "7.1.3.2", "7.1.3.1", "7.1.3.3", "7.1.3.4", "7.1.4", "7.1.4.1", "7.1.4.2", "7.1.5", "6.0.3.3", "6.0.3", "6.0.2.2", "6.0.2.1", "6.0.2.rc2", "6.0.2.rc1", "6.0.0", "6.0.0.rc2", "6.0.0.beta2", "5.2.4.3", "5.2.4.2", "5.2.4.1", "5.2.4", "5.2.4.rc1", "5.2.3", "5.2.3.rc1", "5.2.2.rc1", "5.2.1.1", "5.2.0", "6.1.0.rc1", "6.0.3.4", "6.0.3.2", "6.0.3.1", "6.0.3.rc1", "6.0.2", "6.0.1", "6.0.1.rc1", "6.0.0.rc1", "6.0.0.beta3", "6.0.0.beta1", "5.2.4.4", "5.2.2.1", "5.2.2", "5.2.1", "5.2.1.rc1", "6.1.0.rc2", "6.1.0", "6.1.1", "6.1.2", "6.1.2.1", "6.0.3.5", "5.2.4.5", "6.1.3", "6.0.3.6", "6.1.3.1", "5.2.5", "6.0.3.7", "5.2.6", "6.1.3.2", "5.2.4.6", "6.0.4", "6.1.4", "6.0.4.1", "6.1.4.1", "7.0.0.alpha2", "7.0.0.alpha1", "7.0.0.rc1", "6.1.4.3", "6.1.4.2", "6.0.4.2", "7.0.0.rc3", "7.0.0.rc2", "6.0.4.3", "6.1.4.4", "6.0.4.4", "7.0.0", "7.0.1", "7.0.2", "7.0.2.1", "5.2.6.2", "5.2.6.1", "7.0.2.2", "6.1.4.6", "6.1.4.5", "6.0.4.6", "6.0.4.5", "7.0.2.3", "6.1.4.7", "6.0.4.7", "5.2.6.3", "6.1.5", "5.2.7", "7.0.2.4", "6.1.5.1", "6.0.4.8", "5.2.7.1", "6.1.6", "7.0.3", "6.0.5", "5.2.8", "7.0.3.1", "6.1.6.1", "6.0.5.1", "5.2.8.1", "6.0.6", "7.0.4", "6.1.7", "6.1.7.1", "6.0.6.1", "7.0.4.1", "7.0.4.2", "6.1.7.2", "7.0.4.3", "6.1.7.3", "7.0.5", "7.0.5.1", "6.1.7.4", "7.0.6", "7.0.7", "7.0.7.2", "7.0.7.1", "6.1.7.6", "6.1.7.5", "7.0.8", "7.0.8.1", "6.1.7.7", "7.0.8.2", "7.0.8.3", "7.0.8.4", "6.1.7.8", "7.0.8.5", "6.1.7.9", "7.0.8.6", "6.1.7.10"]
Secure versions: [7.0.8.7, 7.1.5.1, 7.2.2.1, 8.0.0.1, 8.0.1, 8.0.2]
Recommendation: Update to version 8.0.2.

497 Other Versions

Version License Security Released (date - time) Age
7.0.4 MIT 19 2022-09-09 - 18:42 almost 3 years
7.0.3.1 MIT 19 2022-07-12 - 17:31 almost 3 years
7.0.3 MIT 19 2022-05-09 - 13:40 about 3 years
7.0.2.4 MIT 19 2022-04-26 - 19:33 about 3 years
7.0.2.3 MIT 21 2022-03-08 - 17:50 over 3 years
7.0.2.2 MIT 21 2022-02-11 - 19:43 over 3 years
7.0.2.1 MIT 23 2022-02-11 - 18:18 over 3 years
7.0.2 MIT 23 2022-02-08 - 23:12 over 3 years
7.0.1 MIT 23 2022-01-06 - 21:54 over 3 years
7.0.0 MIT 23 2021-12-15 - 23:43 over 3 years
7.0.0.rc3 MIT 11 2021-12-14 - 23:04 over 3 years
7.0.0.rc2 MIT 11 2021-12-14 - 19:39 over 3 years
7.0.0.rc1 MIT 12 2021-12-06 - 21:31 over 3 years
7.0.0.alpha2 MIT 12 2021-09-15 - 23:15 almost 4 years
7.0.0.alpha1 MIT 12 2021-09-15 - 21:56 almost 4 years
6.1.7.10 MIT 3 2024-10-23 - 21:58 8 months
6.1.7.9 MIT 3 2024-10-15 - 21:25 9 months
6.1.7.8 MIT 5 2024-06-04 - 17:55 about 1 year
6.1.7.7 MIT 7 2024-02-21 - 18:39 over 1 year
6.1.7.6 MIT 7 2023-08-22 - 20:07 almost 2 years
6.1.7.5 MIT 7 2023-08-22 - 17:15 almost 2 years
6.1.7.4 MIT 7 2023-06-26 - 21:31 about 2 years
6.1.7.3 MIT 8 2023-03-13 - 18:48 over 2 years
6.1.7.2 MIT 8 2023-01-25 - 03:23 over 2 years
6.1.7.1 MIT 8 2023-01-17 - 18:54 over 2 years
6.1.7 MIT 15 2022-09-09 - 18:38 almost 3 years
6.1.6.1 MIT 15 2022-07-12 - 17:29 almost 3 years
6.1.6 MIT 15 2022-05-09 - 13:45 about 3 years
6.1.5.1 MIT 15 2022-04-26 - 19:30 about 3 years
6.1.5 MIT 17 2022-03-10 - 21:16 over 3 years
6.1.4.7 MIT 17 2022-03-08 - 17:48 over 3 years
6.1.4.6 MIT 17 2022-02-11 - 19:41 over 3 years
6.1.4.5 MIT 19 2022-02-11 - 18:22 over 3 years
6.1.4.4 MIT 19 2021-12-15 - 22:53 over 3 years
6.1.4.3 MIT 19 2021-12-14 - 23:02 over 3 years
6.1.4.2 MIT 19 2021-12-14 - 19:49 over 3 years
6.1.4.1 MIT 21 2021-08-19 - 16:25 almost 4 years
6.1.4 MIT 23 2021-06-24 - 20:40 about 4 years
6.1.3.2 MIT 23 2021-05-05 - 15:34 about 4 years
6.1.3.1 MIT 31 2021-03-26 - 18:06 over 4 years
6.1.3 MIT 31 2021-02-17 - 18:41 over 4 years
6.1.2.1 MIT 31 2021-02-10 - 20:44 over 4 years
6.1.2 MIT 33 2021-02-09 - 21:28 over 4 years
6.1.1 MIT 33 2021-01-07 - 22:59 over 4 years
6.1.0 MIT 33 2020-12-09 - 19:57 over 4 years
6.1.0.rc2 MIT 23 2020-12-01 - 22:01 over 4 years
6.1.0.rc1 MIT 21 2020-11-02 - 21:20 over 4 years
6.0.6.1 MIT 13 2023-01-17 - 18:53 over 2 years
6.0.6 MIT 13 2022-09-09 - 18:32 almost 3 years
6.0.5.1 MIT 13 2022-07-12 - 17:28 almost 3 years