Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
cgriego active_attr Regex boolean_typecaster.rb call denial of service
Vulnerability Description
A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.2. This affects the function call of the file lib/active_attr/typecasting/boolean_typecaster.rb of the component Regex Handler. The manipulation of the argument value leads to denial of service. The exploit has been disclosed to the public and may be used. Upgrading to version 0.15.3 is able to address this issue. The name of the patch is dab95e5843b01525444b82bd7b336ef1d79377df. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216207.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
不恰当的资源关闭或释放
Vulnerability Title
ActiveAttr 安全漏洞
Vulnerability Description
ActiveAttr是Chris Griego个人开发者的一组模块。可以轻松地使用 ORM 中的功能(如ActiveRecord)创建简单的旧 Ruby 模型。 ActiveAttr 0.15.3及以前版本存在安全漏洞,该漏洞源于其Regex Handler组件中lib/active_attr/typecasting/boolean_typecaster.rb文件的函数调用对参数value的操作导致拒绝服务。该攻击方法已经被公开,存在被利用的风险。
CVSS Information
N/A
Vulnerability Type
N/A