Moderate severity vulnerability that affects actionpack

Withdrawn, accidental duplicate publish.

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.

Published: Sep 17, 2018
Updated: Apr 14, 2023
GHSA: GHSA-m53f-rhq8-q6hf
Severity: Medium
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
actionpack	-	3.2.22.1
actionpack	4.0.0	4.1.14.1
actionpack	4.2.0	4.2.5.1

No references available.

Vulnerability Database

289,697

Moderate severity vulnerability that affects actionpack