14168 matches found

RubySec
added 2024/10/15 12:0 a.m. | 25 views

Possible ReDoS vulnerability in HTTP Token authentication in Action Controller

There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact: For applications using HTTP Token authentication via authenticate_or_request_with_http_token or similar, a carefully crafted header m...

8.7 CVSS | 7.2 AI score | 0.00273 EPSS
Exploits 0 | References 1 | Affected Software 1

RubySec
added 2024/10/15 12:0 a.m. | 20 views

Possible ReDoS vulnerability in query parameter filtering in Action Dispatch

There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128. Impact: Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibl...

8.7 CVSS | 6.9 AI score | 0.00557 EPSS
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2024/10/15 12:0 a.m. | 6 views

PT-2024-7931

Name of the Vulnerable Software and Affected Versions: Action Mailer versions 3.0.0 through 6.1.7.8; Action Mailer versions 7.0.0 through 7.0.8.4; Action Mailer versions 7.1.0 through 7.1.4.0; Action Mailer versions 7.2.0 through 7.2.1.0. Description: The issue is related to the block format helper in...

9.8 CVSS | 6.2 AI score | 0.03542 EPSS
Exploits 5 | References 86

CNNVD
added 2024/10/15 12:0 a.m. | 2 views

Rails security vulnerability

Rails is a set of open source web application frameworks based on the Ruby language by the American Rails team. A security vulnerability exists in Rails. An attacker exploited the vulnerability to cause a denial of service on the system...

8.7 CVSS | 5.2 AI score | 0.00317 EPSS
Exploits 0 | References 3

CNNVD
added 2024/10/15 12:0 a.m. | 2 views

Rails security vulnerability

Rails is a set of open source web application frameworks based on the Ruby language by the American Rails team. A security vulnerability exists in Rails. An attacker exploited the vulnerability to cause a denial of service on the system...

8.7 CVSS | 5.1 AI score | 0.00476 EPSS
Exploits 0 | References 4

GitLab Advisory Database
added 2024/10/15 12:0 a.m. | 23 views

Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text

There is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. This vulnerability has been assigned the CVE identifier CVE-2024-47888. Impact: Carefully crafted text can cause the plain_text_for_blockquote_node helper to take an unexpected amount of time,...

8.7 CVSS | 7 AI score | 0.00476 EPSS
Exploits 0 | References 5 | Affected Software 1

RubySec
added 2024/10/15 12:0 a.m. | 15 views

Possible ReDoS vulnerability in block_format in Action Mailer

There is a possible ReDoS vulnerability in the block_format helper in Action Mailer. This vulnerability has been assigned the CVE identifier CVE-2024-47889. Impact: Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerabilit...

8.7 CVSS | 6.9 AI score | 0.00317 EPSS
Exploits 0 | References 1 | Affected Software 1

GitLab Advisory Database
added 2024/10/15 12:0 a.m. | 17 views

Possible ReDoS vulnerability in block_format in Action Mailer

There is a possible ReDoS vulnerability in the block_format helper in Action Mailer. This vulnerability has been assigned the CVE identifier CVE-2024-47889. Impact: Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS...

8.7 CVSS | 9.3 AI score | 0.00317 EPSS
Exploits 0 | References 5 | Affected Software 1

Positive Technologies
added 2024/10/15 12:0 a.m. | 6 views

PT-2024-7928

Name of the Vulnerable Software and Affected Versions: Action Pack versions 3.1.0 through 6.1.7.8; Action Pack versions 7.0.0 through 7.0.8.4; Action Pack versions 7.1.0 through 7.1.4.0; Action Pack versions 7.2.0 through 7.2.1.0. Description: The issue is related to a possible ReDoS vulnerability in t...

9.8 CVSS | 6.4 AI score | 0.03542 EPSS
Exploits 5 | References 81

RubySec
added 2024/10/15 12:0 a.m. | 18 views

Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text

There is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. This vulnerability has been assigned the CVE identifier CVE-2024-47888. Impact: Carefully crafted text can cause the plain_text_for_blockquote_node helper to take an unexpected amount of time, possibly...

8.7 CVSS | 6.9 AI score | 0.00476 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2024/10/12 11:9 a.m. | 5 views

OESA-2024-2247 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks, as in Perl. Security Fixes: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request...

6.8 AI score | 0.00224 EPSS
Exploits 0 | References 2

OSV
added 2024/10/12 11:9 a.m. | 5 views

OESA-2024-2226 rubygem-webrick security update

WEBrick is an HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Security Fixes: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a...

7 AI score | 0.00224 EPSS
Exploits 0 | References 2

OSV
added 2024/10/10 5:2 p.m. | 24 views

RHSA-2024:4499 Red Hat Security Advisory: ruby security update

Bulletin has no description...

6.6 CVSS | 7 AI score | 0.08616 EPSS
Exploits 1 | References 29

OSV
added 2024/10/10 5:2 p.m. | 20 views

RHSA-2024:1576 Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update

Bulletin has no description...

8.8 CVSS | 7.5 AI score | 0.011 EPSS
Exploits 1 | References 22

OSV
added 2024/10/10 5:2 p.m. | 20 views

RHSA-2024:1431 Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update

Bulletin has no description...

8.8 CVSS | 7.5 AI score | 0.011 EPSS
Exploits 1 | References 22

OpenVAS
added 2024/10/09 12:0 a.m. | 17 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-2568)

The remote host is missing an update for the Huawei EulerOS...

6.6 CVSS | 5.1 AI score | 0.08428 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2024/10/09 12:0 a.m. | 20 views

EulerOS 2.0 SP12 : ruby (EulerOS-SA-2024-2517)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby read...

4.3 CVSS | 6.5 AI score | 0.00051 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2024/10/09 12:0 a.m. | 28 views

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2024-2594)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby read...

6.6 CVSS | 7.2 AI score | 0.08428 EPSS
Exploits 1 | References 4

OpenVAS
added 2024/10/09 12:0 a.m. | 15 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-2517)

The remote host is missing an update for the Huawei EulerOS...

4.3 CVSS | 5 AI score | 0.00051 EPSS
Exploits 0 | References 2

OpenVAS
added 2024/10/09 12:0 a.m. | 17 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-2542)

The remote host is missing an update for the Huawei EulerOS...

4.3 CVSS | 5 AI score | 0.00051 EPSS
Exploits 0 | References 2