actionpack is vulnerable to denial of service via a crafted HTTP Accept header #10

@sniffler-app

Description

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.

Information

Manifest Path: Gemfile.lock

Please look at the Dependabot report: https://github.com/swipely/json_controller_generator/security/dependabot/63
