BIT-rails-2024-54133

BIT-rails-2024-54133 PUBLISHED CVSS 2.299999952316284 LOW

Possible Content Security Policy bypass in Action Dispatch

Risk Scores

CVSS v4.0

2.299999952316284

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products

Vendor	Product	Versions
Bitnami	rails	5.2.0, 7.1.0, 7.2.0

Timeline

Apr 14, 2025 CVE Published
Oct 6, 2025 CVE Updated

References

https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49 url
https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a url
https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542 url
https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d url
https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v url
https://nvd.nist.gov/vuln/detail/CVE-2024-54133 url
https://security.netapp.com/advisory/ntap-20250306-0010/ url

Open in Interactive Console →