Technical Advisory: Ruby on Rails – Possible XSS Vulnerability in ActionView tag helpers (CVE-2022-27777)
Vendor: Ruby on Rails
Vendor URL: https://rubyonrails.org
Versions affected: versions prior to 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1
Operating Systems Affected: ALL
Author: Álvaro Martín Fraguas
Advisory URLs:
- https://groups.google.com/g/rubyonrails-security/c/Yg2tEh2UUqc
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
Accepted commit for the fix in...
Top Threats your Business Can Prevent on the DNS Level
Web-filtering solutions, a must-have for businesses of any size, will protect your corporate network from multiple origins.
The Domain Name System (DNS) is the underlying fabric that connects almost...
F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems
The vulnerability is ‘critical’ with a CVSS severity rating of 9.8 out of 10.
Application service provider F5 is warning that a critical vulnerability allows unauthenticated hackers with network access to execute...
Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk
A flaw in all versions of the popular C standard libraries uClibc and uClibc-ng can allow for DNS poisoning attacks against target devices.
An unpatched Domain Name System (DNS) bug...
Deep Dive: Protecting Against Container Threats in the Cloud
A deep dive into securing containerized environments and understanding how they present unique security challenges.
Containers are self-contained pods representing complete, portable application environments. They contain everything an application...
Security Turbulence in the Cloud: Survey Says…
Exclusive Threatpost research examines organizations’ top cloud security concerns, attitudes towards zero-trust and DevSecOps.
Over the past 15 years, the cloud has blown business into a new age of networking,...
Attackers Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens
GitHub shared the timeline of the breaches in April 2022; it covers when a threat actor gained access and stole private repositories belonging to dozens...
Millions of Java Apps Remain Vulnerable to Log4Shell
Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found.
Four months after...
Firms Push for CVE-Like Cloud Bug System
Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk.
Big gaps exist in the 22-year-old Common Vulnerabilities and Exposures (CVE) system, which does not address dangerous...
Zero-Trust For All: A Practical Guide
How to use zero-trust architecture effectively in today’s modern cloud-dependent infrastructures.
While “zero-trust architecture” has become a buzz phrase, there’s plenty of confusion as to what it actually is...