Skip to content

Commit 6c0b402

Browse files
advisory-database[bot]advisory-database[bot]
committed
1 parent 429b016 commit 6c0b402

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

advisories/github-reviewed/2024/10/GHSA-h47h-mwp9-c6q6/GHSA-h47h-mwp9-c6q6.json

+2-2
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,13 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-h47h-mwp9-c6q6",
4-
"modified": "2024-10-31T19:34:56Z",
4+
"modified": "2025-01-07T21:47:36Z",
55
"published": "2024-10-15T23:35:38Z",
66
"aliases": [
77
"CVE-2024-47889"
88
],
99
"summary": "Possible ReDoS vulnerability in block_format in Action Mailer",
10-
"details": "There is a possible ReDoS vulnerability in the block_format helper in Action Mailer. This vulnerability has been assigned the CVE identifier CVE-2024-47889.\n\nImpact\n------\n\nCarefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.\n\nRuby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected.\n\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nUsers can avoid calling the `block_format` helper or upgrade to Ruby 3.2\n\nCredits\n-------\n\nThanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the report!",
10+
"details": "There is a possible ReDoS vulnerability in the block_format helper in Action Mailer. This vulnerability has been assigned the CVE identifier CVE-2024-47889.\n\nImpact\n------\n\nCarefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.\n\nRuby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected.\n\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nUsers can avoid calling the `block_format` helper or upgrade to Ruby 3.2\n\nCredits\n-------\n\nThanks to yuki_osaki for the report!",
1111
"severity": [
1212
{
1313
"type": "CVSS_V4",

0 commit comments

Comments
 (0)