OBS:Server:2.9:Staging
rubygem-actionpack-5_1
CVE-2019-5418.patch
File CVE-2019-5418.patch of Package rubygem-actionpack-5_1
From 92c025d7f17ff256ac50f5e3bc014bb1a016d1ec Mon Sep 17 00:00:00 2001 From: John Hawthorn <john@hawthorn.email> Date: Mon, 4 Mar 2019 18:24:51 -0800 Subject: [PATCH] Only accept formats from registered mime types [CVE-2019-5418] [CVE-2019-5419] --- .../lib/action_dispatch/http/mime_negotiation.rb | 5 +++++ actionpack/test/controller/mime/respond_to_test.rb | 10 ++++++---- .../new_base/content_negotiation_test.rb | 14 ++++++++++++-- 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/actionpack-5.1.4/lib/action_dispatch/http/mime_negotiation.rb b/actionpack-5.1.4/lib/action_dispatch/http/mime_negotiation.rb index c4fe3a5c09..9a93a454bc 100644 --- a/actionpack-5.1.4/lib/action_dispatch/http/mime_negotiation.rb +++ b/actionpack-5.1.4/lib/action_dispatch/http/mime_negotiation.rb @@ -76,6 +76,11 @@ def formats else [Mime[:html]] end + + v = v.select do |format| + format.symbol || format.ref == "*/*" + end + set_header k, v end end -- 2.21.0
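Review bot: The diffstat in the header lists three files (mime_negotiation.rb plus respond_to_test.rb and content_negotiation_test.rb, 23 insertions and 6 deletions), but the only hunk present is the five-line addition at @@ -76,6 +76,11 @@ in mime_negotiation.rb, so this packaged patch carries the filter without the test changes listed beside it. Either include the two test hunks or state in the patch header that they were dropped on purpose, and regenerate the diffstat so it matches what is applied. Within the hunk, the v.select block can leave v empty when none of the requested formats has a symbol and none has ref == "*/*", and set_header k, v then stores an empty list; a one-line comment above the select saying that only registered mime types and the wildcard are kept, and what callers of formats should expect when nothing survives, would make the intent clear.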