CVE-2019-5419

Advisory lineage Upstream: 0 Downstream: 19
Modified
Published: 27 Mar 2019, 13:43
Last modified:04 Aug 2024, 19:54

Vulnerability Summary

Overall Risk (default)
medium
44/100
CVSS Score
7.8 HIGH
v2.0 (nvd)
EPSS Score
12.12% MEDIUM
12% probability -0.17%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected

Timeline

27 Mar 2019, 13:43
Published
Vulnerability first disclosed
04 Aug 2024, 19:54
Last Modified
Vulnerability information updated

Description

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.

CVSS Metrics

  • v3.1HIGHScore: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • v2.0HIGHScore: 7.8AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 12.12% Percentile: 94%

Techniques & Countermeasures

  • CWE-770Allocation of Resources Without Limits or Throttling

    The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

  • CWE-400Uncontrolled Resource Consumption

    The product does not properly control the allocation and maintenance of a limited resource.

Affected Systems

  • debiandebian_linux

    8.0

  • fedoraprojectfedora

    30

  • opensuseleap

    15.0 | 15.1

  • railshttps://github.com/rails/rails

    5.2.2.1 | 5.1.6.2 | 5.0.7.2 | 4.2.11.1

  • redhatcloudforms

    4.6 | 4.7

  • redhatsoftware_collections

    1.0

  • rubyonrailsrails

    < 4.2.11.1 | ≥ 5.0.0, < 5.0.7.2 | ≥ 5.1.0, < 5.1.6.2 | ≥ 5.2.0, < 5.2.2.1

References (12)