There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "ruby-actionpack": "2:5.2.2.1+dfsg-1ubuntu1", "ruby-actioncable": "2:5.2.2.1+dfsg-1ubuntu1", "rails": "2:5.2.2.1+dfsg-1ubuntu1", "ruby-activestorage": "2:5.2.2.1+dfsg-1ubuntu1", "ruby-activesupport": "2:5.2.2.1+dfsg-1ubuntu1", "ruby-railties": "2:5.2.2.1+dfsg-1ubuntu1", "ruby-rails": "2:5.2.2.1+dfsg-1ubuntu1", "ruby-activerecord": "2:5.2.2.1+dfsg-1ubuntu1", "ruby-activejob": "2:5.2.2.1+dfsg-1ubuntu1", "ruby-actionview": "2:5.2.2.1+dfsg-1ubuntu1", "ruby-activemodel": "2:5.2.2.1+dfsg-1ubuntu1", "ruby-actionmailer": "2:5.2.2.1+dfsg-1ubuntu1" } ] }