4 matches found
CVE-2026-33658
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate C...
DEBIAN-CVE-2026-33658
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate C...
CVE-2026-33169
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
PT-2026-27260
Name of the Vulnerable Software and Affected Versions Rails versions prior to 8.1.2.1 Rails versions prior to 8.0.4.1 Rails versions prior to 7.2.3.1 Description Active Storage in Rails applications allows users to attach cloud and local files. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the...