Skip to main content

Activesupport

2 CVEs product

Monthly

CVE-2023-22796 Ruby HIGH PATCH This Week

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Activesupport
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2018-3779 Ruby CRITICAL POC Act Now

active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Activesupport
NVD
CVSS 3.0
9.8
EPSS
6.1%
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Activesupport
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Activesupport
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy