Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ruby on Rails 输入验证漏洞
Vulnerability Description
Ruby on Rails(Rails)是Rails核心团队开发维护的一套基于Ruby语言的开源Web应用框架,它是由大卫-海纳梅尔-韩森从美国37signals公司的项目管理工具Basecamp里分离出来的。 Ruby on Rails 3.2.16及之前的版本中的Action View中的actionpack/lib/action_view/template/text.rb文件存在输入验证漏洞,该漏洞源于当使用‘render:text’选项时,程序将MIME类型字符转换为symbols对象。远程攻击者
CVSS Information
N/A
Vulnerability Type
N/A