VDB
CVE-2024-47889
CVE-2024-47889
PUBLISHED
Ruby on Rails ist ein in der Programmiersprache Ruby geschriebenes und quelloffenes Web Application Framework.
EPSS 0.32% · 55.1th percentile
Risk Scores
EPSS Score
0.32%
55.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open Source | Open Source Ruby on Rails <6.1.7.9 | |
| Open Source | Open Source Ruby on Rails <7.1.4.1 | |
| SUSE | SUSE Linux | |
| Debian | Debian Linux | |
| Open Source | Open Source Ruby on Rails <8.0.0.beta1 | |
| SUSE | SUSE openSUSE | |
| IBM | IBM License Metric Tool | |
| Ubuntu | Ubuntu Linux | |
| Open Source | Open Source Ruby on Rails <7.0.8.5 | |
| Open Source | Open Source Ruby on Rails <7.2.1.1 |
Exploit Intelligence
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
…and 14 more exploits
Timeline
- Jan 21, 1970 Security Advisory
- Oct 15, 2024 CVE Published
- Oct 17, 2024 EPSS Score
- Oct 17, 2024 Coalition ESS Score
- Oct 18, 2024 Coalition ESS Score
- Nov 5, 2024 EPSS Score
- Nov 23, 2024 EPSS Score
- Nov 26, 2024 Coalition ESS Score
- Dec 13, 2024 EPSS Score
- Dec 31, 2024 EPSS Score
- Jan 19, 2025 EPSS Score
- Feb 7, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3205.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3205 advisory
- https://rubyonrails.org/2024/10/15/Rails-Versions-7-0-8-5-7-1-4-1-and-7-2-1-1-have-been-released advisory
- https://discuss.rubyonrails.org/t/cve-2024-47887-possible-redos-vulnerability-in-http-token-authentication-in-action-controller/87698 advisory
- https://discuss.rubyonrails.org/t/cve-2024-41128-possible-redos-vulnerability-in-query-parameter-filtering-in-action-dispatch/87699 advisory
- https://discuss.rubyonrails.org/t/cve-2024-47888-possible-redos-vulnerability-in-plain-text-for-blockquote-node-in-action-text/87696 advisory
- https://discuss.rubyonrails.org/t/cve-2024-47889-possible-redos-vulnerability-in-block-format-in-action-mailer/87695 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-November/019753.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-November/019752.html advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2ZXD3WUVCXVEO5FFUTSYTZJ7QX6AZ2IV/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/E5RFF3ZIT4H2PQE3C2J6GEEUHXNGWLFM/ advisory
- https://www.ibm.com/support/pages/node/7178365 advisory
- https://ubuntu.com/security/notices/USN-7290-1 advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4B3C7EQABILQDJAY4PQHNY5OARLFZ6WA/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3C5WPU2RXUSPKAI3EANLIGCY34ZDBZ4Y/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XJHTNJXYCEBS7N5NPJTMRZTDIN52UBE4/ advisory
- https://lists.debian.org/debian-lts-announce/2025/11/msg00026.html advisory