A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | rails | <Â 2:6.1.7.3+dfsg-1 | rails_2:6.1.7.3+dfsg-1_all.deb |
Debian | 11 | all | rails | <Â 2:6.0.3.7+dfsg-2+deb11u1 | rails_2:6.0.3.7+dfsg-2+deb11u1_all.deb |
Debian | 10 | all | rails | <=Â 2:5.2.2.1+dfsg-1+deb10u3 | rails_2:5.2.2.1+dfsg-1+deb10u3_all.deb |
Debian | 999 | all | rails | <Â 2:6.1.7.3+dfsg-1 | rails_2:6.1.7.3+dfsg-1_all.deb |
Debian | 13 | all | rails | <Â 2:6.1.7.3+dfsg-1 | rails_2:6.1.7.3+dfsg-1_all.deb |