Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5
CVE-2021-22885
- EPSS 0.97%
- Published 27.05.2021 12:15:07
- Last modified 21.11.2024 05:50:50
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
9.8
CVE-2020-8159
- EPSS 5.42%
- Published 12.05.2020 13:15:13
- Last modified 21.11.2024 05:38:24
There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.
1