
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript template (JST) files to trigger a crash and cause a Denial of Service (DoS) by providing malicious templates. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3186 • CWE-476: NULL Pointer Dereference

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests, leading to a crash and Denial of Service (DoS). • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3184 • CWE-476: NULL Pointer Dereference

CVSS: 6.6 • EPSS: 0% • CPEs: 4 • EXPL: 0

Action Mailer is a framework for designing email service layers. ... Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. • https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94 https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3 https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9 https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6 • CWE-1333: Inefficient Regular Expression Complexity

CVSS: 6.6 • EPSS: 0% • CPEs: 4 • EXPL: 0

Carefully crafted text can cause the `plain_text_for_blockquote_node` helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. • https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468 https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822 https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5 https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw • CWE-1333: Inefficient Regular Expression Complexity

CVSS: 6.6 • EPSS: 0% • CPEs: 4 • EXPL: 0

For applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. • https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049 https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545 https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2 https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4 • CWE-1333: Inefficient Regular Expression Complexity