Lucene search
+L

119 matches found

CVE
CVE
added 2024/02/27 3:25 p.m.126 views

CVE-2024-26142

CVE-2024-26142 affects Rails, starting from version 7.1.0, where an ReDoS in the Accept header parsing of Action Dispatch was reported. The vulnerability is mitigated by upgrading to Rails 7.1.3.1; Rails applications using Ruby 3.2 or newer are reportedly unaffected due to Ruby 3.2 mitigations. T...

7.5CVSS7.4AI score0.01498EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2024/02/27 3:25 p.m.67 views

CVE-2024-26142 Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...

7.5CVSS7.7AI score0.01498EPSS
Exploits0References5
OSV
OSV
added 2024/02/27 3:25 p.m.37 views

CVE-2024-26142 Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...

7.5CVSS6.5AI score0.01498EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2024/02/27 3:25 p.m.61 views

CVE-2024-26142

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...

7.5CVSS6.5AI score0.01498EPSS
Exploits0
CNNVD
CNNVD
added 2024/02/27 12:0 a.m.41 views

Rails Security Vulnerabilities

Rails is a Ruby-based open source web application framework from the Rails team. A security vulnerability exists in Rails versions prior to 7.1.0 through 7.1.3.1, which stems from a Regular Expression Denial of Service ReDoS vulnerability in the Accept header parsing routine of Action Dispatch...

7.5CVSS6.7AI score0.01498EPSS
Exploits0References5
Snyk
Snyk
added 2024/02/25 12:21 a.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

7.5CVSS6.8AI score0.01996EPSS
Exploits0References2
Snyk
Snyk
added 2024/02/24 11:22 p.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in Action Dispatch's Accept header parsing. Note: This is only vulnerable on applications based on Ruby prior to 3.2. Details Denial of Service DoS describes a family of attacks, all aimed at...

7.5CVSS6.7AI score0.01498EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/02/24 3:16 a.m.3 views

SUSE CVE-2024-26146

Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ru...

5.3CVSS6.8AI score0.01996EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/02/24 12:0 a.m.6 views

PT-2024-21298 · Rails +2 · Rails +2

Name of the Vulnerable Software and Affected Versions: Rails versions 7.1.0 through 7.1.3.0 Description: There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This issue can cause Accept header parsing to take an unexpected amount of time, possibly...

7.5CVSS7.8AI score0.01498EPSS
Exploits0References20
RedhatCVE
RedhatCVE
added 2024/02/23 3:2 a.m.47 views

CVE-2024-26146

A denial of service DoS vulnerability was found in rubygem-rack in how it parses Rack Header. Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Mitigation No mitigati...

5.3CVSS6.7AI score0.01996EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.16 views

PT-2024-1928

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.0.9.4 Rack versions prior to 2.1.4.4 Rack versions prior to 2.2.8.1 Rack versions prior to 3.0.9.1 Description The issue is related to the header parsing in Rack, which can be exploited by carefully crafted headers,...

10CVSS6.9AI score0.35376EPSS
Exploits4References120
RubySec
RubySec
added 2024/02/21 12:0 a.m.48 views

Possible ReDoS vulnerability in Accept header parsing in Action Dispatch

There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: = 7.1.0, 7.1.3.1 Not affected: 7.1.0 Fixed Versions: 7.1.3.1 Impact Carefully crafted Accept headers can cau...

7.5CVSS7AI score0.01498EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2023/08/11 5:18 p.m.72 views

HackerOne: Bypass of #2035332 RXSS at image.hackerone.live via the `url` parameter

A reflected cross-site scripting RXSS vulnerability was discovered on the image.hackerone.live website. The vulnerability allowed an attacker to bypass the fix implemented for a previous RXSS issue. By modifying the server's response to a HEAD request, the attacker could change the Content-Type a...

6.5AI score
Exploits0
Snyk
Snyk
added 2023/03/15 11:8 a.m.4 views

Regular Expression Denial of Service (ReDoS)

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

5.3CVSS6.8AI score0.01081EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:9 a.m.4 views

SUSE CVE-2016-0751

actionpack/lib/actiondispatch/http/mimetype.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service...

7.5CVSS7.4AI score0.09731EPSS
Exploits0References9
Veracode
Veracode
added 2022/10/10 9:8 p.m.23 views

Authorization Bypass

modsecurity-crs:sid is vulnerable to authorization bypass. The vulnerability exists due to an HTTP accept header field , allowing an attacker to do a response body bypass by accessing to restricted resources...

7.5CVSS8.4AI score0.00771EPSS
Exploits0References10Affected Software1
RedhatCVE
RedhatCVE
added 2022/09/30 5:19 p.m.33 views

CVE-2022-39957

A flaw was found in the OWASP ModSecurity Core Rule Set. A payload with a HTTP accept header field containing a charset that can't be decoded by the Web Application Firewall allows a response body bypass, resulting in access to restricted resources...

7.3CVSS1.9AI score0.00771EPSS
Exploits0References4
NVD
NVD
added 2022/09/20 7:15 a.m.23 views

CVE-2022-39957

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...

7.5CVSS0.00771EPSS
Exploits0References7
OSV
OSV
added 2022/09/20 7:15 a.m.4 views

DEBIAN-CVE-2022-39957

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...

7.5CVSS7.5AI score0.00771EPSS
Exploits0References1
Prion
Prion
added 2022/09/20 7:15 a.m.21 views

Design/Logic Flaw

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...

5CVSS8.3AI score0.00771EPSS
Exploits0References6Affected Software3
Rows per page
Query Builder