Description
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
Remediation
References
Related Vulnerabilities
Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-7464)
Magento CVE-2019-8123 Vulnerability (CVE-2019-8123)
WordPress Plugin WebEngage Feedback, Survey and Notification Cross-Site Scripting (2.0.0)
Oracle JRE CVE-2017-10388 Vulnerability (CVE-2017-10388)
WordPress Plugin Stop User Enumeration User Enumeration (1.2.4)