漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests
Vulnerability Description
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch.
CVSS Information
N/A
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Rails 安全漏洞
Vulnerability Description
Rails是美国Rails团队的一套基于Ruby语言的开源Web应用框架。 rails Active Storage 8.1.2.1之前版本、8.0.4.1之前版本和7.2.3.1之前版本存在安全漏洞,该漏洞源于代理控制器未限制HTTP Range标头中的字节范围数量,可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A