Search for packages
| purl | pkg:gem/actionmailer@2.3.10 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-e3j5-xgbr-2qa1
Aliases: CVE-2013-4389 GHSA-rg5m-3fqp-6px8 OSV-98629 |
Possible DoS Vulnerability A carefully crafted email address in conjunction with the Action Mailer logger format string could take advantage of a bug in Ruby's sprintf implementation and possibly lead to a denial of service attack. Impacted Ruby code will look something like this: `"some string #{user_input}" % some_number` |
Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-yy6t-ybeu-qycc
Aliases: CVE-2024-47889 GHSA-h47h-mwp9-c6q6 |
Possible ReDoS vulnerability in block_format in Action Mailer There is a possible ReDoS vulnerability in the block_format helper in Action Mailer. This vulnerability has been assigned the CVE identifier CVE-2024-47889. Impact ------ Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected. Releases -------- The fixed releases are available at the normal locations. Workarounds ----------- Users can avoid calling the `block_format` helper or upgrade to Ruby 3.2 Credits ------- Thanks to yuki_osaki for the report! |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||