CVE-2015-3225
rack Critical
Denial of Service
Discovered over 5 years ago
Published over 5 years ago
Category: Denial of Service
Severity: Critical

Carefully crafted requests can cause a SystemStackError and potentially cause a denial of service attack.

All users running an affected release should upgrade.

CVSS Metrics
Access Vector: n/a
Access Complexity: n/a
Authentication: n/a
Confidentiality Impact: n/a
Integrity Impact: n/a
Availability Impact: n/a
Patched Versions

>= 1.6.2
~> 1.5.4
~> 1.4.6

Unaffected Versions

n/a

References

n/a

CVE-2017-9050
nokogiri Critical
Denial of Service
Discovered about 3 years ago
Published about 3 years ago
Category: Denial of Service
Source: GitHub
Severity: Critical

The version of libxml2 packaged with Nokogiri contains several vulnerabilities. Nokogiri has mitigated these issues by upgrading to libxml 2.9.5.

It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-0663)

It was discovered that libxml2 did not properly validate parsed entity references. An attacker could use this to specially construct XML data that could expose sensitive information. (CVE-2017-7375)

It was discovered that a buffer overflow existed in libxml2 when handling HTTP redirects. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-7376)

Marcel Böhme and Van-Thuan Pham discovered a buffer overflow in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-9047)

Marcel Böhme and Van-Thuan Pham discovered a buffer overread in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service. (CVE-2017-9048)

Marcel Böhme and Van-Thuan Pham discovered multiple buffer overreads in libxml2 when handling parameter-entity references. An attacker could use these to specially construct XML data that could cause a denial of service. (CVE-2017-9049, CVE-2017-9050)

CVSS Metrics
Access Vector: n/a
Access Complexity: n/a
Authentication: n/a
Confidentiality Impact: n/a
Integrity Impact: n/a
Availability Impact: n/a
Patched Versions

>= 1.8.1

Unaffected Versions

n/a

References

n/a

CVE-2019-5419
actionview Severe
Denial of Service
Discovered over 1 year ago
Published over 1 year ago
Category: Denial of Service
Severity: Severe

There is a potential denial of service vulnerability in actionview. This vulnerability has been assigned the CVE identifier CVE-2019-5419.

Impact

Specially crafted Accept headers can cause the Action View template location code to consume 100% CPU, leaving the server unable to process requests. This impacts all Rails applications that render views.

All users running an affected release should either upgrade or use one of the workarounds immediately.

Workarounds

This vulnerability can be mitigated by wrapping render calls in respond_to blocks. For example, the following code is vulnerable:

class UserController < ApplicationController
  def index
    render "index"
  end
end

But the following code is not vulnerable:

class UserController < ApplicationController
  def index
    respond_to do |format|
      format.html { render "index" }
    end
  end
end

Implicit rendering is impacted, so this code is vulnerable:

class UserController < ApplicationController
  def index
  end
end

But it can be changed to this:

class UserController < ApplicationController
  def index
    respond_to do |format|
      format.html { render "index" }
    end
  end
end

As an alternative to specifying the format, the following monkey patch can be applied in an initializer:

$ cat config/initializers/formats_filter.rb
# frozen_string_literal: true

ActionDispatch::Request.prepend(Module.new do
  def formats
    super().select do |format|
      format.symbol || format.ref == "*/*"
    end
  end
end)

Credits

Thanks to John Hawthorn john@hawthorn.email of GitHub

CVSS Metrics
Access Vector: n/a
Access Complexity: n/a
Authentication: n/a
Confidentiality Impact: n/a
Integrity Impact: n/a
Availability Impact: n/a
Patched Versions

>= 6.0.0.beta3
~> 5.2.2, >= 5.2.2.1
~> 5.1.6, >= 5.1.6.2
~> 5.0.7, >= 5.0.7.2
~> 4.2.11, >= 4.2.11.1

Unaffected Versions

n/a

References

n/a

CVE-2018-14404
nokogiri Severe
Denial of Service
Discovered almost 2 years ago
Published about 2 years ago
Category: Denial of Service
Source: GitHub
Severity: Severe

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications that process untrusted XSL format inputs with the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

Canonical rates this vulnerability as “Priority: Medium”

CVSS Metrics
Access Vector: n/a
Access Complexity: n/a
Authentication: n/a
Confidentiality Impact: n/a
Integrity Impact: n/a
Availability Impact: n/a
Patched Versions

>= 1.8.5

Unaffected Versions

n/a

References

n/a

CVE-2014-10077
i18n Severe
Denial of Service
Discovered almost 2 years ago
Published about 6 years ago
Category: Denial of Service
Source: GitHub
Severity: Severe

The i18n gem for Ruby contains a flaw in the Hash#slice() function in lib/i18n/core_ext/hash.rb that is triggered when the function is called with :some_key in keep_keys but not present in the hash. This may allow an attacker to cause the program to crash.

CVSS Metrics
Access Vector: n/a
Access Complexity: n/a
Authentication: n/a
Confidentiality Impact: n/a
Integrity Impact: n/a
Availability Impact: n/a
Patched Versions

>= 0.8.0

Unaffected Versions

n/a

References

n/a

CVE-2016-0751
rails Severe
Attribute Restriction
Discovered almost 5 years ago
Published over 4 years ago
Category: Attribute Restriction
Source: NIST NVD
Severity: Severe

There is a possible object leak which can lead to a denial of service vulnerability in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2016-0751.

Versions Affected: All. Not affected: None. Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1

Impact

A carefully crafted accept header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack.

All users running an affected release should either upgrade or use one of the workarounds immediately.

Releases

The FIXED releases are available at the normal locations.

Workarounds

This attack can be mitigated by a proxy that only allows known MIME types in the Accept header.

Placing the following code in an initializer will also mitigate the issue:

require 'action_dispatch/http/mime_type'

Mime.const_set :LOOKUP, Hash.new { |h,k|
  Mime::Type.new(k) unless k.blank?
}

Patches

To aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

  • 5-0-mime_types_leak.patch - Patch for 5.0 series
  • 4-2-mime_types_leak.patch - Patch for 4.2 series
  • 4-1-mime_types_leak.patch - Patch for 4.1 series
  • 3-2-mime_types_leak.patch - Patch for 3.2 series

Please note that only the 4.1.x and 4.2.x series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.

Credits

Aaron Patterson <3<3

CVSS Metrics
Access Vector: Network
Access Complexity: Network
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial
Patched Versions

>= 5.0.0.beta1.1
~> 4.2.5, >= 4.2.5.1
~> 4.1.14, >= 4.1.14.1
~> 3.2.22.1

Unaffected Versions

n/a

CVE-2017-15412
nokogiri Moderate
Denial of Service
Discovered over 2 years ago
Published over 2 years ago
Category: Denial of Service
Source: GitHub
Severity: Moderate

The version of libxml2 packaged with Nokogiri contains a vulnerability. Nokogiri has mitigated this issue by upgrading to libxml 2.9.6.

It was discovered that libxml2 incorrectly handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service.

CVSS Metrics
Access Vector: n/a
Access Complexity: n/a
Authentication: n/a
Confidentiality Impact: n/a
Integrity Impact: n/a
Availability Impact: n/a
Patched Versions

>= 1.8.2

Unaffected Versions

n/a

References

n/a

CVE-2017-16932
nokogiri Moderate
Denial of Service
Discovered over 2 years ago
Published over 2 years ago
Category: Denial of Service
Source: GitHub
Severity: Moderate

The version of libxml2 packaged with Nokogiri contains a vulnerability. Nokogiri has mitigated this issue by upgrading to libxml 2.9.5.

Wei Lei discovered that libxml2 incorrectly handled certain parameter entities. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service.

CVSS Metrics
Access Vector: n/a
Access Complexity: n/a
Authentication: n/a
Confidentiality Impact: n/a
Integrity Impact: n/a
Availability Impact: n/a
Patched Versions

>= 1.8.1

Unaffected Versions

n/a

References

n/a