Lucene search
GoogleOSV:GHSA-35MM-CC6R-8FJPHistoryApr 07, 2021 - 8:58 p.m.
Cross-site scripting in actionpack
2021-04-0720:58:47
Google
osv.dev
6
cross-site scripting
actionpack
vulnerability
development mode
actionable exceptions
middleware
workaround
gem
software
EPSS
0.001
Percentile
29.2%
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.
Workarounds
Until such time as the patch can be applied, application developers should disable the Actionable Exceptions middleware in their development environment via a line such as this one in their config/environment/development.rb: config.middleware.delete ActionDispatch::ActionableExceptions
Related
ubuntucve
ubuntucve
CVE-2020-8264
2021-01-06 00:00:00
osv
osv
CVE-2020-8264
2021-01-06 21:15:14
veracode
veracode
Cross-site Scripting (XSS)
2020-10-12 05:58:50
nvd
nvd
CVE-2020-8264
2021-01-06 21:15:14
prion
prion
Cross site scripting
2021-01-06 21:15:00
cve
cve
CVE-2020-8264
2021-01-06 21:15:14
redhatcve
redhatcve
CVE-2020-8264
2020-10-08 18:52:03
debiancve
debiancve
CVE-2020-8264
2021-01-06 21:15:14
rubygems
rubygems
Possible XSS Vulnerability in Action Pack in Development Mode
2020-10-06 21:00:00
freebsd
freebsd
Rails -- Possible XSS vulnerability
2020-10-07 00:00:00
cvelist
cvelist
CVE-2020-8264
2021-01-06 21:02:35
nessus
nessus
github
github
Cross-site scripting in actionpack
2021-04-07 20:58:47
hackerone
hackerone
Ruby on Rails: Open Redirect (6.0.0 < rails < 6.0.3.2)
2020-06-21 02:15:14