Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-4250
HistoryDec 18, 2022 - 10:15 p.m.

CVE-2021-4250

2022-12-1822:15:10
CWE-404
[email protected]
web.nvd.nist.gov
2
vulnerability
cgriego active_attr
0.15.2
boolean_typecaster.rb
regex handler
denial of service
exploit
upgrade
patch
dab95e5843b01525444b82bd7b336ef1d79377df
vdb-216207

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

66.6%

JSON

A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.2. This affects the function call of the file lib/active_attr/typecasting/boolean_typecaster.rb of the component Regex Handler. The manipulation of the argument value leads to denial of service. The exploit has been disclosed to the public and may be used. Upgrading to version 0.15.3 is able to address this issue. The name of the patch is dab95e5843b01525444b82bd7b336ef1d79377df. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216207.

Affected configurations

Nvd
Node
active_attr_projectactive_attrRange<0.15.3
VendorProductVersionCPE
active_attr_projectactive_attr*cpe:2.3:a:active_attr_project:active_attr:*:*:*:*:*:*:*:*

Related

osv 2
rubygems 1
cvelist 1
github 1
gitlab 1
veracode 1
prion 1
cve 1
osv
osv
CVE-2021-4250
2022-12-18 22:15:10
active_attr Improper Resource Shutdown or Release vulnerability
2022-12-19 00:30:23
rubygems
rubygems
active_attr Improper Resource Shutdown or Release vulnerability
2022-12-18 21:00:00
cvelist
cvelist
CVE-2021-4250 cgriego active_attr Regex boolean_typecaster.rb call denial of service
2022-12-18 00:00:00
github
github
active_attr Improper Resource Shutdown or Release vulnerability
2022-12-19 00:30:23
gitlab
gitlab
Improper Resource Shutdown or Release
2022-12-19 00:00:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2022-12-20 02:22:36
prion
prion
Design/Logic Flaw
2022-12-18 22:15:00
cve
cve
CVE-2021-4250
2022-12-18 22:15:10

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

66.6%

JSON
Related for NVD:CVE-2021-4250
osv2rubygems1cvelist1github1gitlab1veracode1prion1cve1