CVE-2022-22577

Summary

An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/rails/rails7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1affected

Weaknesses

  • CWE-79: Cross-site Scripting (XSS) - Stored (CWE-79)

ADP Enrichment

CVE Program Container

Additional References

References