Zack Deveau

5 exploits Active since Jun 2024
CVE-2023-28362 WRITEUP MEDIUM WRITEUP
Rails - Open Redirect
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.
CVSS 4.0
CVE-2023-23913 WRITEUP MEDIUM WRITEUP
Rails-ujs - Cross-Site Scripting
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute.
CVSS 6.3
CVE-2023-28362 WRITEUP MEDIUM WRITEUP
Rails - Open Redirect
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.
CVSS 4.0
CVE-2024-28103 WRITEUP MEDIUM WRITEUP
Rails 6.1.0-6.1.7.7 - Improper Input Validation in Permissions-Policy Header
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
CVSS 5.4
CVE-2024-32464 WRITEUP MEDIUM WRITEUP
Action Text <7.1.3.4,7.2.0.beta2 - XSS
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2.
CVSS 6.1