3 matches found
actionpack is vulnerable to denial of service because of a wildcard controller route
actionpack/lib/actiondispatch/routing/routeset.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service superfluous caching and memory consumption by leveraging an application's use of a wildcard controller route...
CVE-2015-7580
Cross-site scripting XSS vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node...
CVE-2015-7580
The CVE-2015-7580 entry describes an XSS vulnerability in the rails-html-sanitizer gem prior to 1.0.3 used with Ruby on Rails 4.2.x and 5.x. The issue arises in lib/rails/html/scrubbers.rb where a crafted CDATA node can inject arbitrary script/HTML. Affected component: rails-html-sanitizer (Ruby ...