Description

actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route.

Remediation

References

CVE-2015-7581

Related Vulnerabilities

MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31547)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-20414)

WordPress Plugin GD Star Rating 'tpl_section' Parameter Cross-Site Scripting (1.9.16)

Moodle CVE-2024-1439 Vulnerability (CVE-2024-1439)

Cherokee Out-of-bounds Write Vulnerability (CVE-2019-20800)

Severity

High

Classification

CVE-2015-7581 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities