Lucene search
K

5 matches found

Snyk
Snyk
added 2026/03/25 9:4 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the proxy controller when processing HTTP requests containing a large number of byte ranges in the Range header. An attacker can cause excessive CPU usage by sending requests with...

7.5CVSS5.9AI score0.00434EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/24 2:33 a.m.5 views

Glob Injection

Overview Affected versions of this package are vulnerable to Glob Injection via the DiskServicedeleteprefixed function. An attacker can delete unintended files from the storage directory by supplying blob keys containing glob metacharacters that are passed unescaped to Dir.glob. Remediation Upgra...

9.1CVSS5.8AI score0.00646EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/24 12:32 a.m.6 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the Blobs::ProxyController. An attacker can exhaust server memory by sending requests with large or unbounded range headers. Remediation Upgrade activestorage to version 7.2.3.1, 8.0.4.1,...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/24 12:32 a.m.8 views

Improper Handling of Values

Overview Affected versions of this package are vulnerable to Improper Handling of Values in the DirectUploadsController. A malicious direct-upload client can set contenttype flags like identified and analyzed to make a malicious uploaded file appear safe. Remediation Upgrade activestorage to...

5.3CVSS5.8AI score0.0039EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/14 12:6 a.m.4 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection due to untrusted user input being accepted as transformation methods or parameters. An attacker can execute arbitrary commands on the server by supplying crafted input that circumvents safe defaults. Note: Th...

9.2CVSS7.7AI score0.02388EPSS
Exploits0References2
Rows per page
Query Builder