GCVE - cpe:2.3:a:rubyonrails:actionpack:*:*:*:*:*:ruby:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:rubyonrails:actionpack:*:*:*:*:*:ruby:*:*

part: a version: * update: *

Vendor	Rubyonrails (`a0962337-0e2d-518c-b84b-f2864721d062`)
Product	Actionpack (`792c9e09-0b00-516e-86f4-c9e82bfb3f64`)
Edition	*
Language	*
Software edition	*
Target software	ruby
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-27777`	vulnerable	2026-06-03 14:46:53.716061	Details available A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. Published: 2022-05-26T00:00:00.000Z Updated: 2024-08-03T05:32:59.808Z Open on db.gcve.eu Reference links https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534 https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html https://www.debian.org/security/2023/dsa-5372	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-22577`	vulnerable	2026-06-03 14:46:24.965068	Details available An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. Published: 2022-05-26T00:00:00.000Z Updated: 2024-08-03T03:14:55.738Z Open on db.gcve.eu Reference links https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533 https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html https://security.netapp.com/advisory/ntap-20221118-0002/ https://www.debian.org/security/2023/dsa-5372	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.