Closed mend-bolt-for-github[bot] closed 5 years ago
CVE-2019-5419 - Medium Severity Vulnerability
Vulnerable Library - activejob-5.1.4.gem
Declare job classes that can be run by a variety of queueing backends.
path: /var/lib/gems/2.3.0/cache/activejob-5.1.4.gem
Library home page: https://rubygems.org/gems/activejob-5.1.4.gem
Dependency Hierarchy:
- rails-5.1.4.gem (Root Library)
  - actionmailer-5.1.4.gem
    - :x: **activejob-5.1.4.gem** (Vulnerable Library)

Found in HEAD commit: a2d481711b5d2c79ec5451439d047b254fbcd6c2
Vulnerability Details
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted Accept headers can cause Action View to consume 100% CPU and make the server unresponsive.
Publish Date: 2019-01-04
URL: CVE-2019-5419
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
Release Date: 2019-01-04
Fix Resolution: 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1