Lucene search
PRIOn knowledge basePRION:CVE-2024-26142HistoryFeb 27, 2024 - 4:15 p.m.
Design/Logic Flaw
2024-02-2716:15:00
PRIOn knowledge base
www.prio-n.com
5
rails
web application
framework
redos vulnerability
accept header parsing
action dispatch
patched
ruby 3.2 unaffected
Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.
References
discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946
github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272
github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq
github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml
Related
debiancve
debiancve
CVE-2024-26142
2024-02-27 16:15:46
cvelist
cvelist
nvd
nvd
CVE-2024-26142
2024-02-27 16:15:46
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2024-02-28 07:42:21
redhatcve
redhatcve
CVE-2024-26142
2024-02-27 17:12:02
github
github
osv
osv
CVE-2024-26142
2024-02-27 16:15:46
cve
cve
CVE-2024-26142
2024-02-27 16:15:46
ubuntucve
ubuntucve
CVE-2024-26142
2024-02-27 00:00:00
hackerone
hackerone
rubygems
rubygems
Possible ReDoS vulnerability in Accept header parsing in Action Dispatch
2024-02-20 21:00:00