Rubyonrails » Rails : Security Vulnerabilities, CVEs, Published In 2016 (Denial of service)
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
Max CVSS
7.5
EPSS Score
1.13%
Published
2016-02-16
Updated
2019-08-08
actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route.
Max CVSS
7.5
EPSS Score
2.03%
Published
2016-02-16
Updated
2019-08-08
2 vulnerabilities found