Dark C0d3rs
HackerOne Disclosed Reports - 2026-06-09 - Printable Version




HackerOne disclosed reports - 2026-06-09 - hashXploiter - 06-10-2026

Low
resolved

Action Text ReDoS (Ruby 3.1 or lower)


Bug reported by ooooooo_q was disclosed on June 9, 2026, 4:37 am | Uncontrolled Resource Consumption

A vulnerability was discovered in the ActionText component of the Rails web framework when running on Ruby versions 3.1 and lower. It was caused by a Regular Expression Denial of Service (ReDoS) issue in the plain_text_for_blockquote_node method, which was used in the ActionText::Fragment#to_plain_text functionality. The vulnerability could be triggered by crafting malicious text and calling the to_plain_text method. It was resolved in later versions of Ruby.