An update for rubygem-actionpack is now available for openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1709 Final 1.0 1.0 2024-06-14 Initial 2024-06-14 2024-06-14 openEuler SA Tool V1.0 2024-06-14 rubygem-actionpack security update An update for rubygem-actionpack is now available for openEuler-22.03-LTS-SP3. Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fix(es): Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.(CVE-2024-28103) An update for rubygem-actionpack is now available for openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium rubygem-actionpack https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1709 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-28103 https://nvd.nist.gov/vuln/detail/CVE-2024-28103 openEuler-22.03-LTS-SP3 rubygem-actionpack-6.1.4.1-5.oe2203sp3.noarch.rpm rubygem-actionpack-doc-6.1.4.1-5.oe2203sp3.noarch.rpm rubygem-actionpack-6.1.4.1-5.oe2203sp3.src.rpm Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3. 2024-06-14 CVE-2024-28103 openEuler-22.03-LTS-SP3 Medium 5.4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N rubygem-actionpack security update 2024-06-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1709