Overview

File CVE-2019-5418_and_CVE-2019-5419.patch of Package rubygem-actionpack-4_2.29852

diff --git actionpack/lib/action_dispatch/http/mime_negotiation.rb b/actionpack/lib/action_dispatch/http/mime_negotiation.rb
index 53a98c5d0a..00fd3d03df 100644
--- actionpack/lib/action_dispatch/http/mime_negotiation.rb
+++ actionpack/lib/action_dispatch/http/mime_negotiation.rb
@@ -61,7 +61,7 @@ module ActionDispatch
                               false
                             end
 
-          if params_readable
+          v = if params_readable
             Array(Mime[parameters[:format]])
           elsif use_accept_header && valid_accept_header
             accepts
@@ -70,6 +70,10 @@ module ActionDispatch
           else
             [Mime::HTML]
           end
+
+          v.select do |format|
+            format.symbol || format.ref == "*/*"
+          end
         end
       end
openSUSE Build Service is sponsored by
Places