CVE-2022-22577

Published: 26/05/2022 Updated: 14/03/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

An XSS vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow a malicious user to bypass CSP for non-HTML-like responses.

Vulnerable Product

rubyonrails actionpack

debian debian linux 10.0

Vendor Advisories

Synopsis: Important: Satellite 613 Release. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Satellite 613. The release contains a new version of Satellite and important security fixes ...
Debian Bug report logs - #1011941 rails: CVE-2022-22577 - XSS Vulnerability in Action Pack. Package: src:rails; Maintainer for src:rails is Debian Ruby Team <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Neil Williams <codehelp@debianorg>; Date: Fri, 27 May 2022 11:57:01 UTC; Severity: important; Ta ...
Multiple vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could result in XSS, data disclosure and open redirect. For the stable distribution (bullseye), these problems have been fixed in version 2:6037+dfsg-2+deb11u1. We recommend that you upgrade your rails packages. For the detailed sec ...