CVE-2019-5419

Summary

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.

Affected Software

VendorProductVersion RangeStatus
Railshttps://github.com/rails/rails5.2.2.1affected
Railshttps://github.com/rails/rails5.1.6.2affected
Railshttps://github.com/rails/rails5.0.7.2affected
Railshttps://github.com/rails/rails4.2.11.1affected

Weaknesses

  • CWE-400: Denial of Service (CWE-400)

ADP Enrichment

CVE Program Container

Additional References

References