vulnerability
Ruby on Rails: Allocation of Resources Without Limits or Throttling (CVE-2019-5419)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | 03/27/2019 | 01/03/2020 | 11/27/2024 |
Description
There is a possible denial of service vulnerability in Action View (Rails)
Solution(s)
- ruby-on-rails-upgrade-4_2_11_1
- ruby-on-rails-upgrade-5_0_7_2
- ruby-on-rails-upgrade-5_1_6_2
- ruby-on-rails-upgrade-5_2_2_1
References
- CVE-2019-5419
- https://attackerkb.com/topics/CVE-2019-5419
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html
- http://www.openwall.com/lists/oss-security/2019/03/22/1
- https://access.redhat.com/errata/RHSA-2019:0796
- https://access.redhat.com/errata/RHSA-2019:1147
- https://access.redhat.com/errata/RHSA-2019:1149
- https://access.redhat.com/errata/RHSA-2019:1289
- https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI
- https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
- https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
