[CVE-2024-54133] Possible Content Security Policy bypass in Action Dispatch

Disclosed: 2025-02-06 06:31:33 By ryotak To ibb
Severity: Low
Vulnerability Details
## Summary

Original report: https://hackerone.com/reports/2440762

Advisory: https://discuss.rubyonrails.org/t/cve-2024-54133-possible-content-security-policy-bypass-in-action-dispatch/88178

## Impact

Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks.
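The root cause described above is string concatenation of an untrusted value into a header whose directives are separated by `;`. The following Ruby is an added illustration, not Rails' Action Dispatch code and not the patch from the advisory: it builds a policy the unsafe way and the hardened way, where the hardened builder accepts only a whitelisted CSP source shape before interpolating it, and a final invariant check confirms that the emitted header still contains exactly the directives the application intended. The helper names, the source regex and the sample values are all assumptions constructed for this example.

```ruby
# Added example (not Rails code): validating a user-supplied CSP source value
# before it is interpolated into a Content-Security-Policy header.

# Hypothetical allow-list for a single CSP source expression: a keyword source
# or an http(s) host with optional port. Anything containing ';', whitespace or
# other separator characters fails to match and is rejected.
CSP_SOURCE = /\A(?:'self'|'none'|https?:\/\/[a-z0-9.-]+(?::\d{1,5})?)\z/i

# Returns the value unchanged when it is a valid single source; raises otherwise.
def safe_csp_source(value)
  unless value.is_a?(String) && value.match?(CSP_SOURCE)
    raise ArgumentError, "invalid CSP source: #{value.inspect}"
  end
  value
end

# Vulnerable pattern: the untrusted value is concatenated as-is, so a value
# containing ';' adds a directive the application never intended.
def build_policy_unsafe(extra_source)
  "default-src 'self'; script-src 'self' #{extra_source}"
end

# Hardened pattern: the value must be a single well-formed source expression.
def build_policy_safe(extra_source)
  "default-src 'self'; script-src 'self' #{safe_csp_source(extra_source)}"
end

# Parse a serialized policy into { directive_name => [sources] } so the result
# of either builder can be inspected.
def directives(policy)
  policy.split(";")
        .map { |d| d.strip.split(/\s+/) }
        .reject(&:empty?)
        .to_h { |name, *sources| [name, sources] }
end

# Post-build invariant: the header must contain exactly the expected directive
# names. Useful as a last-line check (or a test assertion) before the header
# is emitted, independent of how the value was validated.
def expected_directives?(policy, expected_names)
  directives(policy).keys == expected_names
end

if $PROGRAM_NAME == __FILE__
  benign = "https://cdn.example.com"                 # constructed sample value
  crafted = "https://cdn.example.com; img-src *"     # constructed sample value

  puts build_policy_safe(benign)
  puts directives(build_policy_unsafe(crafted)).keys.inspect
  begin
    build_policy_safe(crafted)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The allow-list regex is deliberately narrow; an application that needs scheme-sources, nonces or wildcards should extend it per the CSP grammar rather than fall back to a deny-list of characters, and the `expected_directives?` check is worth keeping as a unit test on whatever code assembles the header.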
Report Stats
  • Report ID: 2905532
  • State: Closed
  • Substate: resolved
  • Upvotes: 2