{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T15:49:51.122","vulnerabilities":[{"cve":{"id":"CVE-2019-5419","sourceIdentifier":"support@hackerone.com","published":"2019-03-27T14:29:01.657","lastModified":"2024-11-21T04:44:54.017","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive."},{"lang":"es","value":"Hay una posible vulnerabilidad de denegación de servicio (DoS) en la vista de acción en Rails, en versiones anteriores a las 5.2.2.1, 5.1.6.2, 5.0.7.2 y 4.2.11.1 donde las cabeceras de aceptación especialmente manipuladas pueden provocar que dicha vista consuma el 100 % de la CPU y haga que el servidor deje de responder."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.11.1","matchCriteriaId":"EF9998D1-8C7B-4402-930B-C370824D46AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.7.2","matchCriteriaId":"5DCD16B7-B3E7-4EE4-B8B1-B25FBE75EFFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1.0","versionEndExcluding":"5.1.6.2","matchCriteriaId":"EF0BA3C0-E2A4-4FE1-B443-308B7EFA32F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2.0","versionEndExcluding":"5.2.2.1","matchCriteriaId":"F248A4DE-4B0C-4E4C-AB38-C08F90B197F8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*","matchCriteriaId":"67F7263F-113D-4BAE-B8CB-86A61531A2AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*","matchCriteriaId":"04AC556D-D511-4C4C-B9FB-A089BB2FEFD5"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*","matchCriteriaId":"9D7EE4B6-A6EC-4B9B-91DF-79615796673F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","matchCriteriaId":"F1E78106-58E6-4D59-990F-75DA575BFAD9"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","matchCriteriaId":"B620311B-34A3-48A6-82DF-6F078D7A4493"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","matchCriteriaId":"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html","source":"support@hackerone.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html","source":"support@hackerone.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html","source":"support@hackerone.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2019/03/22/1","source":"support@hackerone.com","tags":["Exploit","Mailing List","Mitigation","Patch","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:0796","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1147","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1149","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1289","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI","source":"support@hackerone.com"},{"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html","source":"support@hackerone.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/","source":"support@hackerone.com"},{"url":"https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/","source":"support@hackerone.com","tags":["Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2019/03/22/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Mitigation","Patch","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:0796","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1147","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1149","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1289","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}