CVE-2026-33658 in activestorage Gem
요약 (영어)
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch.
책임이 있는
GitHub_M
예약하다
2026. 03. 23.
공개
2026. 03. 27.
엔트리
VulDB provides additional information and datapoints for this CVE:
| 아이디 | 취약성 | CWE | 악용 | 대책 | CVE |
|---|---|---|---|---|---|
| 353748 | activestorage Gem 서비스 거부 | 770 | 정의되지 않음 | 공식 수정 | CVE-2026-33658 |