Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

CVE-2019-5419

🗓️ 27 Mar 2019 14:01:29Reported by hackeroneType 
cve
 cve🔗 web.nvd.nist.gov👁 235 Views🌐 WEB

Possible denial of service vulnerability in Action View (Rails) <5.2.2.

Show more
Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
OSV		CVE-2019-5419
27 Mar 201914:29
osv
OSV		RHSA-2019:1289 Red Hat Security Advisory: CloudForms 4.6.9 security, bug fix and enhancement update
13 Sep 202414:10
osv
OSV		RHSA-2019:1147 Red Hat Security Advisory: rh-ror50-rubygem-actionpack security update
13 Sep 202414:08
osv
OSV		RHSA-2019:1149 Red Hat Security Advisory: rh-ror42-rubygem-actionpack security update
13 Sep 202414:07
osv
OSV		rails - security update
30 Mar 201900:00
osv
OSV		Denial of Service Vulnerability in Action View
13 Mar 201917:25
osv
OSV		RHSA-2019:0796 Red Hat Security Advisory: CloudForms 4.7.3 security, bug fix and enhancement update
13 Sep 202414:07
osv
OSV		OPENSUSE-SU-2024:10589-1 rmt-server-2.6.13-1.1 on GA media
15 Jun 202400:00
osv
IBM Security Bulletins		Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2019-5419).
10 Oct 201919:56
ibm
GitLab Advisory Database		Allocation of Resources Without Limits or Throttling
27 Mar 201900:00
gitlab
Rows per page
Nvd
Vulners
Node
rubyonrailsrailsRange<4.2.11.1
OR
rubyonrailsrailsRange5.0.05.0.7.2
OR
rubyonrailsrailsRange5.1.05.1.6.2
OR
rubyonrailsrailsRange5.2.05.2.2.1
Node
debiandebian_linuxMatch8.0
Node
redhatcloudformsMatch4.6
OR
redhatcloudformsMatch4.7
OR
redhatsoftware_collectionsMatch1.0
Node
opensuseleapMatch15.0
OR
opensuseleapMatch15.1
Node
fedoraprojectfedoraMatch30
[
  {
    "product": "https://github.com/rails/rails",
    "vendor": "Rails",
    "versions": [
      {
        "status": "affected",
        "version": "5.2.2.1"
      },
      {
        "status": "affected",
        "version": "5.1.6.2"
      },
      {
        "status": "affected",
        "version": "5.0.7.2"
      },
      {
        "status": "affected",
        "version": "4.2.11.1"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
encoded_keypath/rails/active_storage/disk/:encoded_key/*filename(.:format)This endpoint is vulnerable to deserialization and remote code execution via crafted requests related to CVE-2019-5420.CWE-400CWE-770
filenamepath/rails/active_storage/disk/:encoded_key/*filename(.:format)This endpoint is vulnerable to deserialization and remote code execution via crafted requests related to CVE-2019-5420.CWE-400CWE-770

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
27 Mar 2019 14:29Current
8.1High risk
Vulners AI Score8.1
CVSS27.8
CVSS37.5
EPSS0.0029
CWE-400CWE-770
denial of servicevulnerabilityaction viewrailsnvdcve-2019-5419
235
.json
Report