Vulnerability Database

296,733

Total vulnerabilities in the database

CVE-2019-5419

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

  • Severity: High
  • Score: 7.8
  • AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

Software From Fixed in
rubyonrails / rails 5.0.0 5.0.7.2
rubyonrails / rails 5.1.0 5.1.6.2
rubyonrails / rails 5.2.0 5.2.2.1
rubyonrails / rails - 4.2.11.1
debian / debian_linux 8.0 8.0.x
redhat / software_collections 1.0 1.0.x
redhat / cloudforms 4.6 4.6.x
redhat / cloudforms 4.7 4.7.x
opensuse / leap 15.0 15.0.x
opensuse / leap 15.1 15.1.x
fedoraproject / fedora 30 30.x
Ruby icon actionview 4.0.0 4.2.11.1
Ruby icon actionview 5.2.0 5.2.2.1
Ruby icon actionview 5.1.0 5.1.6.2
Ruby icon actionview 5.0.0 5.0.7.2