{"vulnerability": "CVE-2024-54133", "sightings": [{"uuid": "c759d765-1728-49eb-ac77-9c63fb7355f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-54133", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113630998131727296", "content": "", "creation_timestamp": "2024-12-10T22:57:11.941228Z"}, {"uuid": "edabd61b-3e0a-4079-a4f0-b2a290158b97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-54133", "type": "seen", "source": "https://t.me/cvedetector/12611", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-54133 - Rails Content-Security-Policy XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-54133 \nPublished : Dec. 10, 2024, 11:15 p.m. | 39\u00a0minutes ago \nDescription : Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability  in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1. Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks. Versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1 contain a fix. As a workaround, applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-11T01:01:34.000000Z"}, {"uuid": "0d3aa3d8-7488-4b81-8891-971146484b83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-54133", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3lhijtv2tea2q", "content": "", "creation_timestamp": "2025-02-06T07:11:33.945421Z"}, {"uuid": "262fecbc-ee0f-4262-bff0-b5ebb288777b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-54133", "type": "seen", "source": "https://gist.github.com/omid-storyful/ad62fd00008868617d9703d12aa29478", "content": "", "creation_timestamp": "2025-10-29T13:31:08.000000Z"}, {"uuid": "f826d268-3e70-4666-a8e0-3e4679085c4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-54133", "type": "seen", "source": "https://gist.github.com/omid-storyful/932f7b8d388ffa7dd9d6eb3103b1830b", "content": "", "creation_timestamp": "2025-10-29T13:47:42.000000Z"}]}