CVE-2019-5419

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.

References

Affected packages

Git / github.com/rails/rails

Affected ranges

Type: GIT
Repo: https://github.com/rails/rails
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e06a1e09b6bec32b0a05c72a3ae7ceb00f61bf7d

Introduced

2efddadd6cba4e2129acedf1d402d11abcc03996

Fixed

c4d3e202e10ae627b3b9c34498afb45450652421

Introduced

375a4143cf5caeb6159b338be824903edfd62836

Fixed

e69ff43060c1194d2a3bd9b8d9e23f3ae26b84b5

Introduced

ce93740a5e4437dfc1cf9b0b13da1bad06a2a598

Fixed

ec8697bf0bfafff7d897fb50e322afe42ddc1623

Affected versions

v5.*

v5.0.0

v5.0.0.1

v5.0.1

v5.0.1.rc1

v5.0.1.rc2

v5.0.2

v5.0.2.rc1

v5.0.3

v5.0.4

v5.0.4.rc1

v5.0.5

v5.0.5.rc1

v5.0.5.rc2

v5.0.6

v5.0.7

v5.0.7.1

v5.1.0

v5.1.1

v5.1.2

v5.1.2.rc1

v5.1.3

v5.1.3.rc1

v5.1.3.rc2

v5.1.3.rc3

v5.1.4

v5.1.4.rc1

v5.1.5

v5.1.5.rc1

v5.1.6

v5.1.6.1

v5.2.0

v5.2.1

v5.2.1.1

v5.2.1.rc1

v5.2.2

v5.2.2.rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-5419.json"