Lucene search
K

7 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.3 views

SUSE CVE-2021-22902

The actionpack ruby gem a framework for handling and responding to web requests in Rails before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

6.5CVSS6.3AI score0.02791EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/26 4:53 p.m.29 views

Security Bulletin: A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management

Summary A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management. Vulnerability Details CVEID: CVE-2021-22902 DESCRIPTION: Ruby on Rails is vulnerable to a denial of service, caused by a use-after-free flaw in the in Action Dispatch. By...

7.5CVSS0.7AI score0.04808EPSS
Exploits2Affected Software1
CVE
CVE
added 2021/06/11 3:49 p.m.259 views

CVE-2021-22902

CVE-2021-22902 refers to a denial-of-service vulnerability in Rails Action Dispatch mime-type parsing. The actionpack gem, prior to versions 6.0.3.7 and 6.1.3.2, can be exploited by specially crafted HTTP Accept headers that trigger catastrophic backtracking in the regular expression engine. The ...

7.5CVSS7.2AI score0.02791EPSS
Exploits1References2Affected Software1
OpenVAS
OpenVAS
added 2021/05/20 12:0 a.m.30 views

Discourse 2.7.0.beta9 Security Update

A new Discourse update includes one security fix. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...

7.5CVSS7.1AI score0.04808EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2021/05/10 12:0 a.m.52 views

FreeBSD : Rails -- multiple vulnerabilities (f7a00ad7-ae75-11eb-8113-08002728f74c)

Ruby on Rails blog : Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These releases contain important security fixes. Here is a list of the issues fixed : CVE-2021-22885: Possible Information Disclosure / Unintended Method Execution in Action Pack CVE-2021-22902: Possible Denial of...

7.5CVSS7.3AI score0.04808EPSS
Exploits3References10
FreeBSD
FreeBSD
added 2021/05/05 12:0 a.m.38 views

Rails -- multiple vulnerabilities

Ruby on Rails blog: Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These releases contain important security fixes. Here is a list of the issues fixed: CVE-2021-22885: Possible Information Disclosure / Unintended Method Execution in Action Pack CVE-2021-22902: Possible Denial of...

7.5CVSS2.3AI score0.04808EPSS
Exploits3References5
RubySec
RubySec
added 2021/05/05 12:0 a.m.32 views

Possible Denial of Service vulnerability in Action Dispatch

There is a possible Denial of Service vulnerability in the Mime type parser of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2021-22902. Versions Affected: = 6.0.0 Not affected: \sMIMEPARAMETER\s\z/ end end...

7.5CVSS4.1AI score0.02791EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder