Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Ruby on Rails Allocation of Resources Without Limits or Throttling Vulnerability - CVE-2026-33658 - Vulnerability Database
Ruby on Rails

Ruby on Rails Allocation of Resources Without Limits or Throttling Vulnerability - CVE-2026-33658

Medium
Reference: CVE-2026-33658
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-33658
Title: Ruby on Rails Allocation of Resources Without Limits or Throttling Vulnerability
Overview:

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1 8.0.4.1 and 7.2.3.1 Active Storage39s proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file possibly resulting in a DoS vulnerability. Versions 8.1.2.1 8.0.4.1 and 7.2.3.1 contain a patch.