Description
actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route.
A flaw was found in the Action Pack component's caching of controller references. An attacker could use this flaw to cause unbounded memory growth, potentially resulting in a denial of service.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5.2 | ruby193-rubygem-actionpack | Not affected | | |
| CloudForms Management Engine 5.3 | ruby193-rubygem-actionpack | Not affected | | |
| Red Hat Software Collections | ruby193-rubygem-actionpack | Not affected | | |
| Red Hat Subscription Asset Manager | ruby193-rubygem-actionpack | Not affected | | |
| Red Hat Subscription Asset Manager | rubygem-actionpack | Not affected | | |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-ror41-rubygem-actionpack | Fixed | RHSA-2016:0296 | 24.02.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-ror41-rubygem-actionview | Fixed | RHSA-2016:0296 | 24.02.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-ror41-rubygem-activemodel | Fixed | RHSA-2016:0296 | 24.02.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-ror41-rubygem-activerecord | Fixed | RHSA-2016:0296 | 24.02.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-ror41-rubygem-activesupport | Fixed | RHSA-2016:0296 | 24.02.2016 |
Additional information
CVSS2: 4.3 Medium
Related vulnerabilities
actionpack is vulnerable to denial of service because of a wildcard controller route
A vulnerability in the Ruby on Rails software platform that allows an attacker to cause a denial of service