Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests
Vulnerability Description
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch.
CVSS Information
N/A
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Rails 安全漏洞
Vulnerability Description
Rails是美国Rails团队的一套基于Ruby语言的开源Web应用框架。 rails Active Storage 8.1.2.1之前版本、8.0.4.1之前版本和7.2.3.1之前版本存在安全漏洞,该漏洞源于代理控制器未限制HTTP Range标头中的字节范围数量,可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A