Ruby

Ruby

By DeepSource

rails version is susceptible to DOS attack via Mime type caching RB-A1008

Security

Selected versions of Rails till version 4.2.5 do not properly restrict the use of the MIME type caches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header. Upgrading to newer versions of Rails can help fix this issue.

References

  1. CVE-2016-0751 - Rails Security Group
  2. CVE-2016-0751 - GitHub Advisory Database
  3. OWASP Top 10 - A9 - Using Components With Known Vulnerabilities