5 matches found
The vulnerability of the `plain_text_for_blockquote_node` function in the Action Text interpreter for Ruby allows a hacker to trigger a service failure.
The vulnerability of the plaintextforblockquotenode function in the Action Text interpreter for Ruby is related to the use of a regular expression with high computational complexity. Exploiting this vulnerability could allow an attacker to cause service interruptions remotely...
SUSE CVE-2024-47888
Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the plaintextforblockquotenode helper in Action Text. Carefully crafted text can cause the...
UBUNTU-CVE-2024-47888
Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the plaintextforblockquotenode helper in Action Text. Carefully crafted text can cause the...
CVE-2024-47888 Action Text has possible ReDoS vulnerability in plain_text_for_blockquote_node
Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the plaintextforblockquotenode helper in Action Text. Carefully crafted text can cause the...
Regular Expression Denial of Service (ReDoS)
Overview actiontext is a package to edit and display rich text in Rails applications. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the plaintextforblockquotenode helper function due to the usage of an insecure regular expression. By...