Description
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.
Remediation
References
Related Vulnerabilities
Moodle Insufficient Verification of Data Authenticity Vulnerability (CVE-2020-1755)
Oracle HTTP Server CVE-2021-2315 Vulnerability (CVE-2021-2315)
WordPress Plugin Smart Flv 'jwplayer.swf' Multiple Cross-Site Scripting Vulnerabilities (1.0)
Moodle Missing Authorization Vulnerability (CVE-2019-14883)
WordPress Plugin Advanced Permalinks Cross-Site Scripting (0.1.19)