Description
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
Remediation
References
Related Vulnerabilities
MySQL CVE-2016-3492 Vulnerability (CVE-2016-3492)
WordPress Plugin Blue Wrench Video Widget Cross-Site Request Forgery (1.0.5)
WordPress Plugin YouTube Embed Cross-Site Scripting (5.2.1)
Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1297)
Jenkins Improper Input Validation Vulnerability (CVE-2017-1000394)