There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| actionview(RubyGems) | 4.0.0 | 4.2.11.1 | N/A |
| actionview(RubyGems) | 5.2.0 | 5.2.2.1 | N/A |
| actionview(RubyGems) | 5.1.0 | 5.1.6.2 | N/A |
| actionview(RubyGems) | 5.0.0 | 5.0.7.2 | N/A |
| actionview(RubyGems) | 6.0.0.beta1 | 6.0.0.beta3 | N/A |
CVSS Metrics
