26 matches found
Stack overflow
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.2.0, 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...
CVE-2022-23516 Uncontrolled Recursion in Loofah
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.2.0, 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...
CVE-2022-23516 Uncontrolled Recursion in Loofah
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.2.0, 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...
Denial Of Service (DoS)
Carefully crafted requests can cause a 'SystemStackError' and potentially cause a denial of service attack. All users running an affected release should either upgrade or use one of the workarounds immediately listed in the references below...
Moderate severity vulnerability that affects rack
Withdrawn, accidental duplicate publish. lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth...
Rack vulnerable to Denial of Service via large parameter depth request
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth...
GHSA-RGR4-9JH5-J4J6 Rack vulnerable to Denial of Service via large parameter depth request
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth...
Denial Of Service (DoS)
liquid is vulnerable to denial of service DoS attacks. A malicious user can pass a template file to the application when parsed can lead to a SystemStackError, crashing the application...
Ruby on Rails activesupport远程拒绝服务漏洞
Impact Specially crafted XML documents can cause applications to raise a SystemStackError and potentially cause a denial of service attack. This only impacts applications using REXML or JDOM as their XML processor. Other XML processors that Rails supports are not impacted. All users running an...
SUSE-SU-2015:2190-1 Security update for rubygem-rack-1_4
rubygem-rack-14 was updated to fix one security issue. This security issue was fixed: - CVE-2015-3225: Crafted requests could have caused a SystemStackError leading to Denial of Service bsc934797...
Updated ruby-rack packages fix CVE-2015-3225
Updated ruby-rack packages fix security vulnerability: lib/rack/utils.rb in Rack before 1.5.4 allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth CVE-2015-3225...
MGASA-2015-0346 Updated ruby-rack packages fix CVE-2015-3225
Updated ruby-rack packages fix security vulnerability: lib/rack/utils.rb in Rack before 1.5.4 allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth CVE-2015-3225...
DSA-3322-1 ruby-rack - security update
Bulletin has no description...
CVE-2015-3227
The 1 jdom.rb and 2 rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service SystemStackError via a large XML document depth...
CVE-2015-3225
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth...
Design/Logic Flaw
The 1 jdom.rb and 2 rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service SystemStackError via a large XML document depth...
Design/Logic Flaw
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth...
CVE-2015-3227
The 1 jdom.rb and 2 rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service SystemStackError via a large XML document depth...
CVE-2015-3225
CVE-2015-3225: Rack (lib/rack/utils.rb) before 1.5.4 and 1.6.x before 1.6.2 allows remote abuse via requests with very large parameter depth, causing SystemStackError DoS. Public references confirm this is a vulnerability in Rack used with Rails 3.x/4.x. Remediation in public advisories: upgrade ...
CVE-2015-3225
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth...