83 matches found
CVE-2023-22792
A regular expression based DoS vulnerability in Action Dispatch 6.0.6.1, 6.1.7.1, and 7.0.4.1. Specially crafted cookies, in combination with a specially crafted XFORWARDEDHOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process...
Fedora 38 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2023-f60cca0686)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-f60cca0686 advisory. Upgrade to Ruby on Rails 7.0.4.2. Fixes numerous CVEs: https://rubyonrails.org/2023/1/17/Rails- Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released...
GHSA-P84V-45XJ-WWQJ ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792. Versions Affected: = 3.0.0 Not affected: 3.0.0 Fixed Versions: 5.2.8.15 Rails LTS, 6.1.7.1, 7.0.4.1 Impact Specially crafted cookies, in...
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792. Versions Affected: = 3.0.0 Not affected: 3.0.0 Fixed Versions: 5.2.8.15 Rails LTS, 6.1.7.1, 7.0.4.1 Impact Specially crafted cookies, in...
GHSA-8XWW-X3G3-6JCV ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. Versions Affected: All Not affected: None Fixed Versions: 5.2.8.15 Rails LTS, 6.1.7.1, 7.0.4.1 Impact A...
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. Versions Affected: All Not affected: None Fixed Versions: 5.2.8.15 Rails LTS, 6.1.7.1, 7.0.4.1 Impact A...
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792. Versions Affected: = 3.0.0 Not affected: 3.0.0 Fixed Versions: 6.1.7.1, 7.0.4.1 Impact Specially crafted cookies, in combination with a...
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. Versions Affected: All Not affected: None Fixed Versions: 6.1.7.1, 7.0.4.1 Impact A specially crafted HTTP...
PT-2023-18701 · Ruby On Rails +4 · Action Dispatch +4
Name of the Vulnerable Software and Affected Versions: Action Dispatch versions prior to 6.1.7.1 Action Dispatch versions prior to 7.0.4.1 Description: The issue is related to insufficient input validation in the Action Dispatch component of Ruby on Rails, which can lead to a denial of service Do...
PT-2023-18700 · Unknown +4 · Action Dispatch +4
Name of the Vulnerable Software and Affected Versions: Action Dispatch versions prior to 6.0.6.1 Action Dispatch versions prior to 6.1.7.1 Action Dispatch versions prior to 7.0.4.1 Description: A regular expression based DoS issue in Action Dispatch is related to insufficient input validation...
UBUNTU-CVE-2022-3704
DISPUTED A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/actiondispatch/middleware/templates/routes/table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Th...
rails: Possible Denial of Service vulnerability in Action Dispatch
A flaw was found in RubyGem Actionpack which is framework for handling and responding to web requests in Rails. A possible Denial of Service vulnerability was found in the Mime type parser of Action Dispatch...
The vulnerability of the regular expression processor in the Mime-type parser of the ActionDispatch framework in the Ruby programming platform of Ruby on Rails, related to an uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the regular expression processor in the Mime-type parser of the ActionDispatch framework in the Ruby programming platform’s Ruby on Rails framework is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service...
DEBIAN-CVE-2021-22902
The actionpack ruby gem a framework for handling and responding to web requests in Rails before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...
UBUNTU-CVE-2021-22902
The actionpack ruby gem a framework for handling and responding to web requests in Rails before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...
Discourse 2.7.0.beta9 Security Update
A new Discourse update includes one security fix. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...
CVE-2021-22902
A flaw was found in RubyGem Actionpack which is framework for handling and responding to web requests in Rails. A possible Denial of Service vulnerability was found in the Mime type parser of Action Dispatch...
GHSA-G8WW-46X2-2P65 Denial of Service in Action Dispatch
Impact ------ There is a possible Denial of Service vulnerability in Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. Releases -------- The fixed releases are available at the norm...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the Mime type parser of Action Dispatch due to the vulnerable regular expression MIMEREGEXP. Carefully crafted Accept headers can lead to catastrophic backtracking in the mime type parser...
Denial of Service in Action Dispatch
Impact ------ There is a possible Denial of Service vulnerability in Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. Releases -------- The fixed releases are available at the norm...