CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-22902

HIGH
7.5
CVSS Severity Score
EPSS Score0.0250%
EPSS Percentile37.71th
Published2021年6月11日
Last Modified2024年11月21日

Vulnerability Description

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.

Affected Platforms (CPE)

📦
Rubyonrails

Rails

>= 6.0.0 and < 6.0.3.7
📦
Rubyonrails

Rails

>= 6.1.0 and < 6.1.0.2

References & Advisories

🔗 https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866
🔗 https://hackerone.com/reports/1138654
🔗 https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866
🔗 https://hackerone.com/reports/1138654

相關漏洞威脅

CVE-2013-027710.0

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute a...

CVE-2012-457710.0

The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device ...

CVE-2019-110279.8

Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to int...

CVE-2018-184769.8

mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database column...