Description
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation (e.g. `1e10000`), which `BigDecimal` expands into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted, possibly resulting in a DoS vulnerability. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch.
Remediation
References
Related Vulnerabilities
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3838)
WordPress Other Vulnerability (CVE-2007-3241)
TCExam Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2021-20113)
WordPress Plugin Add Custom Link to WordPress Admin Bar Cross-Site Scripting (1.0)
WordPress Plugin ACF Frontend display Arbitrary File Upload (2.0.5)