9795 matches found
CVE-2026-33174
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sending it. A request...
CVE-2026-33174 Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sending it. A request...
CVE-2026-33174 Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sending it. A request...
CVE-2026-33174
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sending it. A request...
CVE-2026-33173
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the...
CVE-2026-33173
CVE-2026-33173 (Rails Active Storage) affects Rails Active Storage where DirectUploadsController accepts arbitrary client metadata and persists it on the blob. Before versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, a direct-upload client can set internal metadata flags (e.g., identified, analyzed) to byp...
CVE-2026-33173 Rails Active Storage has possible content type bypass via metadata in direct uploads
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the...
CVE-2026-33173 Rails Active Storage has possible content type bypass via metadata in direct uploads
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the...
CVE-2026-33173 Rails Active Storage has possible content type bypass via metadata in direct uploads
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the...
CVE-2026-33173
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the...
CVE-2026-33170 Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...
CVE-2026-33170
CVE-2026-33170 concerns Active Support (Rails core extensions) where SafeBuffer#% fails to propagate the @html_unsafe flag to a newly created buffer. This can cause in-place mutations (e.g., gsub!) followed by formatting with % using untrusted input to produce a result where html_safe? remains tr...
CVE-2026-33170 Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...
CVE-2026-33169 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
CVE-2026-33169
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
CVE-2026-33169
CVE-2026-33169 affects Active Support (Rails core extensions). The issue arises in NumberToDelimitedConverter, which uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Interaction between a repeated lookahead group and gsub! can cause quadratic time complexity on...
CVE-2026-33169 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
CVE-2026-33169 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
CVE-2026-33169
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
Rails Active Storage has possible glob injection in its DiskService
Impact Active Storage's DiskServicedeleteprefixed passes blob keys directly to Dir.glob without escaping glob metacharacters. If a blob key contains attacker-controlled input or custom-generated keys with glob metacharacters, it may be possible to delete unintended files from the storage director...