Lucene search

Denial of Service in Action Dispatch

🗓️ 05 May 2021 19:21:48Reported by GitHub Advisory DatabaseType

github🔗 github.com👁 158 Views

Denial of Service vulnerability in Action Dispatch due to catastrophic backtracking in the regular expression engine. Fixed releases available. Monkey patch workaround provided

Reporter	Title	Published	Views	Family All 19
RedhatCVE	CVE-2021-22902	19 May 202100:25	–	redhatcve
Cvelist	CVE-2021-22902	11 Jun 202115:49	–	cvelist
Veracode	Denial Of Service (DoS)	8 May 202111:20	–	veracode
Debian CVE	CVE-2021-22902	11 Jun 202116:15	–	debiancve
OSV	CVE-2021-22902	11 Jun 202116:15	–	osv
OSV	Denial of Service in Action Dispatch	5 May 202119:48	–	osv
OSV	OPENSUSE-SU-2024:11821-1 ruby3.1-rubygem-actionpack-6.0-6.0.4.4-1.1 on GA media	15 Jun 202400:00	–	osv
OSV	RHSA-2021:4702 Red Hat Security Advisory: Satellite 6.10 Release	18 Sep 202404:21	–	osv
NVD	CVE-2021-22902	11 Jun 202116:15	–	nvd
CVE	CVE-2021-22902	11 Jun 202116:15	–	cve

Vulners

Node

actionpack_project actionpackRange6.1.0–6.1.3.1

actionpack_project actionpackRange6.0.0–6.0.3.6

Source	Link
github	www.github.com/rails/rails/releases/tag/v6.0.3.7
github	www.github.com/rails/rails/releases/tag/v6.1.3.2
groups	www.groups.google.com/g/rubyonrails-security/c/_5ID_ld9u1c
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-22902
hackerone	www.hackerone.com/reports/1138654
discuss	www.discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22902.yml
github	www.github.com/advisories/GHSA-g8ww-46x2-2p65

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

05 May 2021 19:48Current

7.4High risk

Vulners AI Score7.4

CVSS25

CVSS37.5

EPSS0.07935

CWE-400