Description
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
Remediation
References
Related Vulnerabilities
Java Unspesificed Vulnerability (CVE-2019-2422)
WordPress Plugin Download Monitor Cross-Site Scripting (1.7.0)
Joomla! Core 3.9.x Directory Traversal (3.9.3 - 3.9.5)
Apache HTTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-1927)
SeoPanel Cross-site Scripting (XSS) Vulnerability (CVE-2021-3002)