logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

GHSA-m53f-rhq8-q6hf actionpack

Package

Manager: gem
Name: actionpack
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: N/A

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Moderate severity vulnerability that affects actionpack Withdrawn, accidental duplicate publish. actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.

Metadata

Created: 2018-09-17T21:55:03Z
Modified: 2021-12-03T14:21:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-m53f-rhq8-q6hf/GHSA-m53f-rhq8-q6hf.json
CWE IDs: []
Alternative ID: N/A
Finding: N/A
Auto approve: 0