Ruby/actionpack/7.0.8.2
Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
https://rubygems.org/gems/actionpack
MIT
1 Security Vulnerabilities
Missing security headers in Action Pack on non-HTML responses
Published date: 2024-06-04T22:26:24Z
CVE: CVE-2024-28103
Links:
- https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7
- https://nvd.nist.gov/vuln/detail/CVE-2024-28103
- https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523
- https://github.com/advisories/GHSA-fwhr-88qx-h9g7
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml
Permissions-Policy is Only Served on HTML Content-Type
The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type.
This has been assigned the CVE identifier CVE-2024-28103.
Versions Affected: >= 6.1.0 Not affected: < 6.1.0 Fixed Versions: 6.1.7.8, 7.0.8.4, and 7.1.3.4
Impact
Responses with a non-HTML Content-Type are not serving the configured Permissions-Policy. There are certain non-HTML Content-Types that would benefit from having the Permissions-Policy enforced.
Releases
The fixed releases are available at the normal locations.
Workarounds
N/A
Patches
To aid users who aren't able to upgrade immediately we have provided patches for the supported release series in accordance with our maintenance policy regarding security issues. They are in git-am format and consist of a single changeset.
- 6-1-include-permissions-policy-header-on-non-html.patch - Patch for 6.1 series
- 7-0-include-permissions-policy-header-on-non-html.patch - Patch for 7.0 series
- 7-1-include-permissions-policy-header-on-non-html.patch - Patch for 7.1 series
Credits
Thank you shinkbr for reporting this!
Affected versions:
["7.2.0.beta1", "7.1.0", "7.1.1", "7.1.2", "7.1.3", "7.1.3.2", "7.1.3.1", "7.1.3.3", "7.0.0", "7.0.1", "7.0.2", "7.0.2.2", "7.0.2.1", "7.0.2.3", "7.0.2.4", "7.0.3", "7.0.3.1", "7.0.4", "7.0.4.1", "7.0.4.2", "7.0.4.3", "7.0.5", "7.0.5.1", "7.0.6", "7.0.7", "7.0.7.2", "7.0.7.1", "7.0.8", "7.0.8.1", "7.0.8.2", "7.0.8.3", "6.1.0", "6.1.1", "6.1.2", "6.1.2.1", "6.1.3", "6.1.3.1", "6.1.3.2", "6.1.4", "6.1.4.1", "6.1.4.3", "6.1.4.2", "6.1.4.4", "6.1.4.6", "6.1.4.5", "6.1.4.7", "6.1.5", "6.1.5.1", "6.1.6", "6.1.6.1", "6.1.7", "6.1.7.1", "6.1.7.2", "6.1.7.3", "6.1.7.4", "6.1.7.6", "6.1.7.5", "6.1.7.7"]
Secure versions:
[7.2.0.beta2, 7.1.3.4, 7.0.8.4]
Recommendation:
Update to version 7.1.3.4.
472 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 3.2.18 | MIT | 29 | 2014-05-06 - 16:16 | about 10 years |
| 3.2.17 | MIT | 31 | 2014-02-18 - 18:54 | over 10 years |
| 3.2.16 | MIT | 34 | 2013-12-03 - 19:00 | over 10 years |
| 3.2.15 | MIT | 38 | 2013-10-16 - 17:22 | over 10 years |
| 3.2.15.rc3 | MIT | 38 | 2013-10-11 - 21:16 | over 10 years |
| 3.2.15.rc2 | MIT | 38 | 2013-10-04 - 20:48 | over 10 years |
| 3.2.15.rc1 | MIT | 38 | 2013-10-03 - 18:53 | over 10 years |
| 3.2.14 | MIT | 38 | 2013-07-22 - 16:43 | almost 11 years |
| 3.2.14.rc2 | MIT | 38 | 2013-07-16 - 16:12 | almost 11 years |
| 3.2.14.rc1 | MIT | 38 | 2013-07-13 - 00:24 | almost 11 years |
| 3.2.13 | UNKNOWN | 38 | 2013-03-18 - 17:12 | over 11 years |
| 3.2.13.rc2 | UNKNOWN | 42 | 2013-03-06 - 23:05 | over 11 years |
| 3.2.13.rc1 | UNKNOWN | 42 | 2013-02-27 - 20:24 | over 11 years |
| 3.2.12 | UNKNOWN | 42 | 2013-02-11 - 18:16 | over 11 years |
| 3.2.11 | UNKNOWN | 42 | 2013-01-08 - 20:06 | over 11 years |
| 3.2.10 | UNKNOWN | 44 | 2013-01-02 - 21:18 | over 11 years |
| 3.2.9 | UNKNOWN | 44 | 2012-11-12 - 15:20 | over 11 years |
| 3.2.9.rc3 | UNKNOWN | 44 | 2012-11-09 - 17:59 | over 11 years |
| 3.2.9.rc2 | UNKNOWN | 44 | 2012-11-01 - 17:39 | over 11 years |
| 3.2.9.rc1 | UNKNOWN | 44 | 2012-10-29 - 17:06 | over 11 years |
| 3.2.8 | UNKNOWN | 44 | 2012-08-09 - 21:22 | almost 12 years |
| 3.2.8.rc2 | UNKNOWN | 48 | 2012-08-03 - 14:28 | almost 12 years |
| 3.2.8.rc1 | UNKNOWN | 48 | 2012-08-01 - 20:56 | almost 12 years |
| 3.2.7 | UNKNOWN | 48 | 2012-07-26 - 22:06 | almost 12 years |
| 3.2.7.rc1 | UNKNOWN | 49 | 2012-07-23 - 21:45 | almost 12 years |
| 3.2.6 | UNKNOWN | 49 | 2012-06-12 - 21:24 | about 12 years |
| 3.2.5 | UNKNOWN | 51 | 2012-06-01 - 03:38 | about 12 years |
| 3.2.4 | UNKNOWN | 51 | 2012-05-31 - 18:23 | about 12 years |
| 3.2.4.rc1 | UNKNOWN | 53 | 2012-05-28 - 19:00 | about 12 years |
| 3.2.3 | UNKNOWN | 53 | 2012-03-30 - 22:25 | over 12 years |
| 3.2.3.rc2 | UNKNOWN | 53 | 2012-03-29 - 16:13 | over 12 years |
| 3.2.3.rc1 | UNKNOWN | 53 | 2012-03-27 - 17:10 | over 12 years |
| 3.2.2 | UNKNOWN | 53 | 2012-03-01 - 17:50 | over 12 years |
| 3.2.2.rc1 | UNKNOWN | 55 | 2012-02-22 - 21:37 | over 12 years |
| 3.2.1 | UNKNOWN | 55 | 2012-01-26 - 23:09 | over 12 years |
| 3.2.0 | UNKNOWN | 55 | 2012-01-20 - 16:47 | over 12 years |
| 3.2.0.rc2 | UNKNOWN | 45 | 2012-01-04 - 21:04 | over 12 years |
| 3.2.0.rc1 | UNKNOWN | 45 | 2011-12-20 - 00:40 | over 12 years |
| 3.1.12 | UNKNOWN | 49 | 2013-03-18 - 17:12 | over 11 years |
| 3.1.11 | UNKNOWN | 51 | 2013-02-11 - 18:16 | over 11 years |
| 3.1.10 | UNKNOWN | 51 | 2013-01-08 - 20:06 | over 11 years |
| 3.1.9 | UNKNOWN | 52 | 2013-01-02 - 21:18 | over 11 years |
| 3.1.8 | UNKNOWN | 52 | 2012-08-09 - 21:18 | almost 12 years |
| 3.1.7 | UNKNOWN | 54 | 2012-07-26 - 22:06 | almost 12 years |
| 3.1.6 | UNKNOWN | 55 | 2012-06-12 - 21:24 | about 12 years |
| 3.1.5 | UNKNOWN | 56 | 2012-05-31 - 18:23 | about 12 years |
| 3.1.5.rc1 | UNKNOWN | 57 | 2012-05-28 - 19:00 | about 12 years |
| 3.1.4 | UNKNOWN | 57 | 2012-03-01 - 17:50 | over 12 years |
| 3.1.4.rc1 | UNKNOWN | 58 | 2012-02-22 - 21:37 | over 12 years |
| 3.1.3 | UNKNOWN | 58 | 2011-11-20 - 22:51 | over 12 years |
| 3.1.2 | UNKNOWN | 58 | 2011-11-18 - 01:32 | over 12 years |
| 3.1.2.rc2 | UNKNOWN | 61 | 2011-11-14 - 15:48 | over 12 years |
| 3.1.2.rc1 | UNKNOWN | 61 | 2011-11-14 - 14:16 | over 12 years |
| 3.1.1 | UNKNOWN | 61 | 2011-10-07 - 15:28 | over 12 years |
| 3.1.1.rc3 | UNKNOWN | 61 | 2011-10-06 - 02:29 | over 12 years |
| 3.1.1.rc2 | UNKNOWN | 61 | 2011-09-29 - 22:15 | almost 13 years |
| 3.1.1.rc1 | UNKNOWN | 61 | 2011-09-15 - 00:24 | almost 13 years |
| 3.1.0 | UNKNOWN | 61 | 2011-08-31 - 02:17 | almost 13 years |
| 3.1.0.rc8 | UNKNOWN | 52 | 2011-08-29 - 03:25 | almost 13 years |
| 3.1.0.rc6 | UNKNOWN | 52 | 2011-08-16 - 22:32 | almost 13 years |
| 3.1.0.rc5 | UNKNOWN | 52 | 2011-07-25 - 23:04 | almost 13 years |
| 3.1.0.rc4 | UNKNOWN | 52 | 2011-06-09 - 22:55 | about 13 years |
| 3.1.0.rc3 | UNKNOWN | 52 | 2011-06-08 - 21:26 | about 13 years |
| 3.1.0.rc2 | UNKNOWN | 52 | 2011-06-08 - 00:14 | about 13 years |
| 3.1.0.rc1 | UNKNOWN | 52 | 2011-05-22 - 02:25 | about 13 years |
| 3.1.0.beta1 | UNKNOWN | 52 | 2011-05-05 - 01:22 | about 13 years |
| 3.0.20 | UNKNOWN | 54 | 2013-01-28 - 21:00 | over 11 years |
| 3.0.19 | UNKNOWN | 54 | 2013-01-08 - 20:06 | over 11 years |
| 3.0.18 | UNKNOWN | 55 | 2013-01-02 - 21:18 | over 11 years |
| 3.0.17 | UNKNOWN | 55 | 2012-08-09 - 21:15 | almost 12 years |
| 3.0.16 | UNKNOWN | 57 | 2012-07-26 - 22:06 | almost 12 years |
| 3.0.15 | UNKNOWN | 58 | 2012-06-13 - 03:06 | about 12 years |
| 3.0.14 | UNKNOWN | 58 | 2012-06-12 - 21:24 | about 12 years |
| 3.0.13 | UNKNOWN | 59 | 2012-05-31 - 18:23 | about 12 years |
| 3.0.13.rc1 | UNKNOWN | 60 | 2012-05-28 - 19:00 | about 12 years |
| 3.0.12 | UNKNOWN | 60 | 2012-03-01 - 17:50 | over 12 years |
| 3.0.12.rc1 | UNKNOWN | 61 | 2012-02-22 - 21:37 | over 12 years |
| 3.0.11 | UNKNOWN | 61 | 2011-11-18 - 01:22 | over 12 years |
| 3.0.10 | UNKNOWN | 62 | 2011-08-16 - 22:12 | almost 13 years |
| 3.0.10.rc1 | UNKNOWN | 65 | 2011-08-05 - 00:11 | almost 13 years |
| 3.0.9 | UNKNOWN | 65 | 2011-06-16 - 10:04 | about 13 years |
| 3.0.9.rc5 | UNKNOWN | 65 | 2011-06-12 - 21:29 | about 13 years |
| 3.0.9.rc4 | UNKNOWN | 65 | 2011-06-12 - 21:23 | about 13 years |
| 3.0.9.rc3 | UNKNOWN | 65 | 2011-06-09 - 22:50 | about 13 years |
| 3.0.9.rc1 | UNKNOWN | 65 | 2011-06-08 - 21:19 | about 13 years |
| 3.0.8 | UNKNOWN | 65 | 2011-06-08 - 00:14 | about 13 years |
| 3.0.8.rc4 | UNKNOWN | 66 | 2011-05-31 - 00:07 | about 13 years |
| 3.0.8.rc2 | UNKNOWN | 66 | 2011-05-27 - 16:31 | about 13 years |
| 3.0.8.rc1 | UNKNOWN | 66 | 2011-05-26 - 00:10 | about 13 years |
| 3.0.7 | UNKNOWN | 66 | 2011-04-18 - 21:04 | about 13 years |
| 3.0.7.rc2 | UNKNOWN | 67 | 2011-04-15 - 17:31 | about 13 years |
| 3.0.7.rc1 | UNKNOWN | 67 | 2011-04-14 - 21:55 | about 13 years |
| 3.0.6 | UNKNOWN | 67 | 2011-04-05 - 23:01 | about 13 years |
| 3.0.6.rc2 | UNKNOWN | 69 | 2011-03-31 - 05:27 | over 13 years |
| 3.0.6.rc1 | UNKNOWN | 69 | 2011-03-29 - 20:43 | over 13 years |
| 3.0.5 | UNKNOWN | 69 | 2011-02-27 - 02:29 | over 13 years |
| 3.0.5.rc1 | UNKNOWN | 69 | 2011-02-23 - 19:07 | over 13 years |
| 3.0.4 | UNKNOWN | 69 | 2011-02-08 - 21:15 | over 13 years |
| 3.0.4.rc1 | UNKNOWN | 75 | 2011-01-30 - 22:59 | over 13 years |
| 3.0.3 | UNKNOWN | 75 | 2010-11-16 - 16:28 | over 13 years |