Dark C0d3rs

Full Version: HackerOne Disclosed Reports - 2026-06-09
Low
resolved

Action Text ReDoS (Ruby 3.1 or lower)


Bug reported by ooooooo_q, disclosed on June 9, 2026, 4:37 am   |   Uncontrolled Resource Consumption

A vulnerability was discovered in the ActionText component of the Rails web framework when run on Ruby versions 3.1 and lower. It was a Regular Expression Denial of Service (ReDoS) issue in the plain_text_for_blockquote_node method, which is used by ActionText::Fragment#to_plain_text. The vulnerability could be triggered by crafting malicious text and calling to_plain_text on it. The vulnerability was resolved in later versions of Ruby.
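As an added illustration, not the reporter's or Rails' own code, here is the shape of a blockquote-to-plain-text step like the one the report describes: first written with end-anchored whitespace regexes (a constructed pattern, not ActionText's actual one), then with linear-time String#strip, plus a time-and-size-bounded wrapper for the Ruby 3.1-and-lower case and a check for the Regexp.timeout setting that Ruby 3.2 introduced. All function names and the size limit are hypothetical.

```ruby
require "timeout"

# Constructed "before" (hypothetical, not the ActionText pattern): both ends
# are trimmed with regexes. For a run of k inner spaces that is not at the
# end, (\s+\z) re-scans that run from each of its k start positions before
# the match fails, so cost grows with k^2 - the classic superlinear shape.
def quote_block_text_regex(text)
  body = text.sub(/\A\s+/, "").sub(/\s+\z/, "")
  return text if body.empty?
  lead = text[/\A\s*/]
  trail = text[/\s*\z/]
  "#{lead}\u201C#{body}\u201D#{trail}"
end

# Hardened form: strip/lstrip/rstrip walk the string once with no
# backtracking; the length differences tell us how much whitespace to put
# back on each side, so output is identical to the regex version.
def quote_block_text(text)
  body = text.strip
  return text if body.empty?
  lead = text.length - text.lstrip.length
  trail = text.length - text.rstrip.length
  "#{text[0, lead]}\u201C#{body}\u201D#{text[text.length - trail, trail]}"
end

# Hypothetical cap on input handed to any plain-text conversion step.
MAX_INPUT_BYTES = 64 * 1024

# Defensive wrapper for Ruby < 3.2, where Regexp.timeout does not exist:
# reject oversized input up front and bound the time spent in conversion,
# failing closed (nil) instead of letting one request pin a worker.
# Timeout.timeout is coarse, so the size limit is the primary control.
def bounded_plain_text(text, seconds: 0.5)
  return nil if text.bytesize > MAX_INPUT_BYTES
  Timeout.timeout(seconds) { quote_block_text(text) }
rescue Timeout::Error
  nil
end

# On Ruby >= 3.2 prefer the interpreter-level guard: Regexp.timeout
# interrupts a backtracking match itself. Returns false where unsupported,
# which is exactly the "Ruby 3.1 or lower" population the report targets.
def enable_regexp_timeout(seconds)
  return false unless Regexp.respond_to?(:timeout=)
  Regexp.timeout = seconds
  true
end

if __FILE__ == $0
  sample = "  Quoted line one\n  line two  "
  puts quote_block_text(sample)
  puts "regex timeout available: #{enable_regexp_timeout(1.0)}"
end
```

The strip-based version is the one worth shipping: it preserves the surrounding whitespace exactly as the regex version does, but its cost is linear in the input regardless of how the whitespace is arranged, which is the property a ReDoS fix needs. The wrapper is a belt-and-braces control for fleets still on Ruby 3.1 or lower.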