Lucene search
K

83 matches found

Debian CVE
Debian CVE
added 2023/02/09 12:0 a.m.36 views

CVE-2023-22792

A regular expression based DoS vulnerability in Action Dispatch 6.0.6.1, 6.1.7.1, and 7.0.4.1. Specially crafted cookies, in combination with a specially crafted XFORWARDEDHOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process...

7.5CVSS6.1AI score0.01695EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/02/01 12:0 a.m.34 views

Fedora 38 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2023-f60cca0686)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-f60cca0686 advisory. Upgrade to Ruby on Rails 7.0.4.2. Fixes numerous CVEs: https://rubyonrails.org/2023/1/17/Rails- Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released...

8.8CVSS7.3AI score0.02278EPSS
Exploits2References7
OSV
OSV
added 2023/01/18 6:23 p.m.41 views

GHSA-P84V-45XJ-WWQJ ReDoS based DoS vulnerability in Action Dispatch

There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792. Versions Affected: = 3.0.0 Not affected: 3.0.0 Fixed Versions: 5.2.8.15 Rails LTS, 6.1.7.1, 7.0.4.1 Impact Specially crafted cookies, in...

7.5CVSS7.5AI score0.01695EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2023/01/18 6:23 p.m.35 views

ReDoS based DoS vulnerability in Action Dispatch

There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792. Versions Affected: = 3.0.0 Not affected: 3.0.0 Fixed Versions: 5.2.8.15 Rails LTS, 6.1.7.1, 7.0.4.1 Impact Specially crafted cookies, in...

7.5CVSS7.5AI score0.01695EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2023/01/18 6:20 p.m.33 views

GHSA-8XWW-X3G3-6JCV ReDoS based DoS vulnerability in Action Dispatch

There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. Versions Affected: All Not affected: None Fixed Versions: 5.2.8.15 Rails LTS, 6.1.7.1, 7.0.4.1 Impact A...

7.5CVSS7.6AI score0.02278EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2023/01/18 6:20 p.m.36 views

ReDoS based DoS vulnerability in Action Dispatch

There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. Versions Affected: All Not affected: None Fixed Versions: 5.2.8.15 Rails LTS, 6.1.7.1, 7.0.4.1 Impact A...

7.5CVSS7.5AI score0.02278EPSS
Exploits0References10Affected Software1
RubySec
RubySec
added 2023/01/18 12:0 a.m.31 views

ReDoS based DoS vulnerability in Action Dispatch

There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792. Versions Affected: = 3.0.0 Not affected: 3.0.0 Fixed Versions: 6.1.7.1, 7.0.4.1 Impact Specially crafted cookies, in combination with a...

7.5CVSS7.3AI score0.01695EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2023/01/18 12:0 a.m.77 views

ReDoS based DoS vulnerability in Action Dispatch

There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. Versions Affected: All Not affected: None Fixed Versions: 6.1.7.1, 7.0.4.1 Impact A specially crafted HTTP...

7.5CVSS7.4AI score0.02278EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/18 12:0 a.m.3 views

PT-2023-18701 · Ruby On Rails +4 · Action Dispatch +4

Name of the Vulnerable Software and Affected Versions: Action Dispatch versions prior to 6.1.7.1 Action Dispatch versions prior to 7.0.4.1 Description: The issue is related to insufficient input validation in the Action Dispatch component of Ruby on Rails, which can lead to a denial of service Do...

9.8CVSS6.1AI score0.04808EPSS
Exploits11References98
Positive Technologies
Positive Technologies
added 2023/01/18 12:0 a.m.5 views

PT-2023-18700 · Unknown +4 · Action Dispatch +4

Name of the Vulnerable Software and Affected Versions: Action Dispatch versions prior to 6.0.6.1 Action Dispatch versions prior to 6.1.7.1 Action Dispatch versions prior to 7.0.4.1 Description: A regular expression based DoS issue in Action Dispatch is related to insufficient input validation...

9.8CVSS6.2AI score0.04808EPSS
Exploits11References96
OSV
OSV
added 2022/10/26 8:15 p.m.5 views

UBUNTU-CVE-2022-3704

DISPUTED A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/actiondispatch/middleware/templates/routes/table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Th...

5.4CVSS4.4AI score0.0068EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/11/16 3:43 p.m.7 views

rails: Possible Denial of Service vulnerability in Action Dispatch

A flaw was found in RubyGem Actionpack which is framework for handling and responding to web requests in Rails. A possible Denial of Service vulnerability was found in the Mime type parser of Action Dispatch...

7.5CVSS6.7AI score0.02791EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.5 views

The vulnerability of the regular expression processor in the Mime-type parser of the ActionDispatch framework in the Ruby programming platform of Ruby on Rails, related to an uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of the regular expression processor in the Mime-type parser of the ActionDispatch framework in the Ruby programming platform’s Ruby on Rails framework is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service...

7.5CVSS6.6AI score0.02791EPSS
Exploits1References6Affected Software2
OSV
OSV
added 2021/06/11 4:15 p.m.2 views

DEBIAN-CVE-2021-22902

The actionpack ruby gem a framework for handling and responding to web requests in Rails before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

7.5CVSS6.3AI score0.02791EPSS
Exploits1References1
OSV
OSV
added 2021/06/11 4:15 p.m.3 views

UBUNTU-CVE-2021-22902

The actionpack ruby gem a framework for handling and responding to web requests in Rails before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

7.5CVSS6.8AI score0.02791EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/05/20 12:0 a.m.30 views

Discourse 2.7.0.beta9 Security Update

A new Discourse update includes one security fix. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...

7.5CVSS7.1AI score0.04808EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2021/05/19 12:25 a.m.219 views

CVE-2021-22902

A flaw was found in RubyGem Actionpack which is framework for handling and responding to web requests in Rails. A possible Denial of Service vulnerability was found in the Mime type parser of Action Dispatch...

7.5CVSS3.3AI score0.02791EPSS
Exploits1References4
OSV
OSV
added 2021/05/05 7:48 p.m.24 views

GHSA-G8WW-46X2-2P65 Denial of Service in Action Dispatch

Impact ------ There is a possible Denial of Service vulnerability in Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. Releases -------- The fixed releases are available at the norm...

7.5CVSS7.4AI score0.02791EPSS
Exploits1References7
Snyk
Snyk
added 2021/05/05 7:48 p.m.4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the Mime type parser of Action Dispatch due to the vulnerable regular expression MIMEREGEXP. Carefully crafted Accept headers can lead to catastrophic backtracking in the mime type parser...

7.5CVSS6.8AI score0.02791EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2021/05/05 7:48 p.m.167 views

Denial of Service in Action Dispatch

Impact ------ There is a possible Denial of Service vulnerability in Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. Releases -------- The fixed releases are available at the norm...

7.5CVSS7.4AI score0.02791EPSS
Exploits1References8Affected Software1
Rows per page
Query Builder