Denial of Service Vulnerability in Action View for Rails by Ruby on Rails
CVE-2019-5419

7.5 HIGH

Key Information:

Vendor: Rails

CVE Published: 27 March 2019

What is CVE-2019-5419?

A vulnerability exists in Action View for Ruby on Rails that can lead to denial of service. When specially crafted Accept headers are processed, the application may consume excessive CPU resources, ultimately rendering the server unresponsive. This issue affects several earlier versions, which underlines the importance of applying security updates to keep the application available.

Affected Version(s)

https://github.com/rails/rails 5.2.2.1

https://github.com/rails/rails 5.1.6.2

https://github.com/rails/rails 5.0.7.2

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
