CVE-2019-5419

Published: Mar 27, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.

Vendor	Product	Versions
Rails	https://github.com/rails/rails	affected `5.2.2.1` affected `5.1.6.2` affected `5.0.7.2` affected `4.2.11.1`

Weaknesses (CWE)

CWE-400

References

[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View

mailing-list

x_refsource_MLIST

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/

x_refsource_CONFIRM

https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI

x_refsource_CONFIRM

[debian-lts-announce] 20190331 [SECURITY] [DLA 1739-1] rails security update

mailing-list

x_refsource_MLIST

RHSA-2019:0796

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2019:1344

vendor-advisory

x_refsource_SUSE

FEDORA-2019-1cfe24db5c

vendor-advisory

x_refsource_FEDORA

RHSA-2019:1149

vendor-advisory

x_refsource_REDHAT

RHSA-2019:1147

vendor-advisory

x_refsource_REDHAT

RHSA-2019:1289

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2019:1527

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:1824

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-5419

Description

Affected Products

Weaknesses (CWE)

References