Lucene search
+L

148 matches found

susecve
susecve
added 2023/02/15 5:19 a.m.6 views

SUSE CVE-2015-3226

Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

4.3CVSS5.9AI score0.0278EPSS
Exploits0References4
susecve
susecve
added 2023/02/15 3:21 a.m.5 views

SUSE CVE-2023-22796

A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...

7.5CVSS5.7AI score0.01712EPSS
Exploits0References5
nvd
nvd
added 2023/02/09 8:15 p.m.20 views

CVE-2023-22796

A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...

7.5CVSS8.4AI score0.01712EPSS
Exploits0References3
attackerkb
attackerkb
added 2023/02/09 8:15 p.m.5 views

CVE-2023-22796

A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...

7.5CVSS6.8AI score0.01712EPSS
Exploits0References4
osv
osv
added 2023/02/09 8:15 p.m.1 views

DEBIAN-CVE-2023-22796

A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...

7.5CVSS5.9AI score0.01712EPSS
Exploits0References1
osv
osv
added 2023/02/09 8:15 p.m.10 views

CVE-2023-22796

A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...

7.5CVSS7.8AI score0.01712EPSS
Exploits0References3
prion
prion
added 2023/02/09 8:15 p.m.17 views

Design/Logic Flaw

A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...

5CVSS7.2AI score0.01712EPSS
Exploits0References3Affected Software1
osv
osv
added 2023/02/09 8:15 p.m.4 views

UBUNTU-CVE-2023-22796

A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...

7.5CVSS6.8AI score0.01712EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2023/02/09 8:15 p.m.24 views

CVE-2023-22796

A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...

7.5CVSS6.7AI score0.01712EPSS
Exploits0References3
gitlab
gitlab
added 2023/02/09 12:0 a.m.32 views

Inefficient Regular Expression Complexity

A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...

7.5CVSS7.3AI score0.01712EPSS
Exploits0References4Affected Software1
vulnrichment
vulnrichment
added 2023/02/09 12:0 a.m.17 views

CVE-2023-22796

A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...

7AI score0.01712EPSS
Exploits0References3
cve
cve
added 2023/02/09 12:0 a.m.322 views

CVE-2023-22796

CVE-2023-22796 affects Ruby on Rails’ Active Support gem. A regex-based DoS vulnerability (catastrophic backtracking) can cause high CPU and memory usage when the underscore method is fed a crafted string, leading to a DoS. Affected: Active Support versions <6.1.7.1 and

7.5CVSS7.2AI score0.01712EPSS
Exploits0References3Affected Software1
debiancve
debiancve
added 2023/02/09 12:0 a.m.48 views

CVE-2023-22796

A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...

7.5CVSS6AI score0.01712EPSS
Exploits0
cvelist
cvelist
added 2023/02/09 12:0 a.m.50 views

CVE-2023-22796

A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...

7.6AI score0.01712EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2023/02/09 12:0 a.m.52 views

CVE-2023-22796

A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...

7.5CVSS7.5AI score0.01712EPSS
Exploits0
nessus
nessus
added 2023/02/01 12:0 a.m.34 views

Fedora 38 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2023-f60cca0686)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-f60cca0686 advisory. Upgrade to Ruby on Rails 7.0.4.2. Fixes numerous CVEs: https://rubyonrails.org/2023/1/17/Rails- Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released...

8.8CVSS7.3AI score0.02278EPSS
Exploits2References7
osv
osv
added 2023/01/18 6:23 p.m.51 views

GHSA-J6GC-792M-QGM2 ReDoS based DoS vulnerability in Active Support's underscore

There is a possible regular expression based DoS vulnerability in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-22796. Versions Affected: All Not affected: None Fixed Versions: 5.2.8.15 Rails LTS, which is a paid service and not part of the rubygem, 6.1.7.1,...

7.5CVSS7.5AI score0.01712EPSS
Exploits0References9
github
github
added 2023/01/18 6:23 p.m.46 views

ReDoS based DoS vulnerability in Active Support's underscore

There is a possible regular expression based DoS vulnerability in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-22796. Versions Affected: All Not affected: None Fixed Versions: 5.2.8.15 Rails LTS, which is a paid service and not part of the rubygem, 6.1.7.1,...

7.5CVSS7.5AI score0.01712EPSS
Exploits0References9Affected Software1
gitlab
gitlab
added 2023/01/18 12:0 a.m.45 views

Duplicate of ./gem/activesupport/CVE-2023-22796.yml

There is a possible regular expression based DoS vulnerability in Active Support. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...

7.5CVSS7.4AI score0.01712EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2023/01/18 12:0 a.m.8 views

PT-2023-18702 · Ruby +5 · Ruby +5

Name of the Vulnerable Software and Affected Versions: Active Support versions prior to 6.1.7.1 Active Support versions prior to 7.0.4.1 Description: The issue is related to insufficient input validation in the Inflector.underscore method, which can lead to a regular expression based DoS...

9.8CVSS6AI score0.04808EPSS
Exploits10References92
Rows per page
Query Builder