CVE-2024-28103

Published: Jun 04, 2024 | Modified: Jun 11, 2024

CVSS 3.x: 9.8 CRITICAL (Source: NVD)
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: (none listed)
RedHat/V2: (none listed)
RedHat/V3: 5.4 MODERATE
  CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Ubuntu: MEDIUM

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application-configurable Permissions-Policy is only served on responses with an HTML-related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.

Affected Software

Name    Vendor        Start Version              End Version
Rails   Rubyonrails   6.1.0 (including)          6.1.7.8 (excluding)
Rails   Rubyonrails   7.0.0 (including)          7.0.8.4 (excluding)
Rails   Rubyonrails   7.1.0 (including)          7.1.3.4 (excluding)
Rails   Rubyonrails   7.2.0-beta1 (including)    7.2.0-beta1 (including)
Rails   Ubuntu        mantic                     *
