Page 2 of 21 results (0.014 seconds)

CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in Action Dispatch related to the If-None-Match header. • https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118 https://security.netapp.com/advisory/ntap-20240202-0010 https://www.debian.org/security/2023/dsa-5372 https://access.redhat.com/security/cve/CVE-2023-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2164799 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 8.0EPSS: 0%CPEs: 12EXPL: 0

Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. • https://github.com/advisories/GHSA-rmj8-8hhh-gv5h https://github.com/advisories/GHSA-wh98-p28r-vrc9 https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1 https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-359: Exposure of Private Personal Information to an Unauthorized Actor CWE-404: Improper Resource Shutdown or Release •

CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 0

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used. • http://www.openwall.com/lists/oss-security/2022/02/11/5 https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9 https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html https://security.netapp.com/advisory/ntap-20240119-0013 https://www.debian.org/security/2023/dsa-5372 https://access.redhat.com/security/cve/CVE-2022-23633 https://bugzilla.redhat.com/show_bug.cgi?id=2063149 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication. El actionpack ruby gem versiones anteriores a 6.1.3.2, 6.0.3.7, 5.2.4.6 y 5.2.6, sufre una posible vulnerabilidad de denegación de servicio en la lógica de autenticación de tokens en Action Controller debido a una expresión regular demasiado permisiva. El código afectado usa las funciones "authenticate_or_request_with_http_token" o "authenticate_with_http_token" para la autenticación de peticiones A flaw was found in RubyGem Actionpack which is framework for handling and responding to web requests in Rails. A possible DoS vulnerability was found in the Token Authentication logic in Action Controller. • https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869 https://hackerone.com/reports/1101125 https://security.netapp.com/advisory/ntap-20210805-0009 https://access.redhat.com/security/cve/CVE-2021-22904 https://bugzilla.redhat.com/show_bug.cgi?id=1961379 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 1

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input. Una posible vulnerabilidad de divulgación de información y ejecución de método no intecional en Action Pack versiones posteriores a 2.0.0 e incluyéndola, cuando se usa la ayuda "redirect_to" o "polymorphic_url" con la entrada de un usuario no confiable A flaw was found in rubygem-actionpack. Information disclosure or unintended method execution is possible when using the `redirect_to` or `polymorphic_url` helper with untrusted user input. The highest threat from this vulnerability is to data confidentiality. • https://hackerone.com/reports/1106652 https://security.netapp.com/advisory/ntap-20210805-0009 https://www.debian.org/security/2021/dsa-4929 https://access.redhat.com/security/cve/CVE-2021-22885 https://bugzilla.redhat.com/show_bug.cgi?id=1957441 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •