CVE-2022-22577

MEDIUM

Action Pack >=5.2.0-<5.2.0 - XSS

Title source: llm

Description

An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.

References (4)

Scores

CVSS v3 6.1
EPSS 0.0029
EPSS Percentile 51.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status published

Affected Products (3)

rubyonrails/actionpack < 5.2.7.1
debian/debian_linux
rubygems/actionpack < 5.2.7.1RubyGems

Timeline

Published May 26, 2022
Tracked Since Feb 18, 2026