CVE-2006-4112 – rails
Package
Manager: gem
Name: rails
Vulnerable Version: >=1.1.0 <1.1.6
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:H/RL:U/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0857 (percentile 0.92058)
Details
Rails Denial of Service vulnerability
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111.
Metadata
Created: 2017-10-24T18:33:38Z
Modified: 2025-04-03T14:26:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-9wrq-xvmp-xjc8/GHSA-9wrq-xvmp-xjc8.json
CWE IDs: []
Alternative ID: GHSA-9wrq-xvmp-xjc8
Finding: F422
Auto approve: 1