CVE-2022-22577

Published: 26 May 2022

An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.

Notes

Author	Note
seth-arnold	In Oneiric-Saucy, rails package is just for transition; The rails package contains actual code from vivid onward

Priority

CVSS 3 base score: 6.1

Package	Release	Status
rails Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needs triage
	impish	Ignored (reached end-of-life)
	jammy	Needs triage
	trusty	Does not exist
	upstream	Needs triage
	xenial	Ignored (end of standard support)
rails-4.0 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	impish	Does not exist
	jammy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
ruby-actionpack-3.2 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	impish	Does not exist
	jammy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
ruby-activemodel-3.2 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	impish	Does not exist
	jammy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
ruby-activerecord-3.2 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	impish	Does not exist
	jammy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
ruby-activesupport-3.2 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	impish	Does not exist
	jammy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
ruby-rails-3.2 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	impish	Does not exist
	jammy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist