BIT-rails-2024-28103
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/rails/BIT-rails-2024-28103.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/BIT-rails-2024-28103
- Aliases
- Published
- 2024-12-20T09:49:58.439Z
- Modified
- 2025-10-06T09:57:09.857733Z
- Summary
- Action Pack is missing security headers on non-HTML responses
- Details
-
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
- Database specific
{ "cpes": [ "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:ruby:*:*" ], "severity": "Critical" }- References
Affected packages
Bitnami / rails
Package
- Name
- rails
- Purl
- pkg:bitnami/rails
Severity
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator