rubygems / RubySec / RUBY:RACK-2024-39316

Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Published: 2024-07-02 21:00:00
Source: RubySec (rubysec.com)
Tags: rack, redos vulnerability, http accept headers, denial of service

CVSS3: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score: 7.1
Confidence: High

Summary

A Regular Expression Denial of Service (ReDoS) vulnerability exists
in the Rack::Request::Helpers module when parsing HTTP Accept headers.
This vulnerability can be exploited by an attacker sending specially
crafted Accept-Encoding or Accept-Language headers, causing the
server to spend excessive time processing the request and leading
to a Denial of Service (DoS).

Details

The fix for https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f
was not applied to the main branch. As a result, while the issue was fixed
for the Rack v3.0 release series, it remained unfixed in the v3.1
release series until v3.1.5.

Affected configurations

Vulners node: ruby/rack, range <3.1.5
Vendor: ruby; Product: rack; Version: *; CPE: cpe:2.3:a:ruby:rack:*:*:*:*:*:*:*:*
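As an added example (not part of the RubySec advisory or of the Rack project), the Ruby script below reads the resolved rack version out of a Gemfile.lock and classifies it against this record's affected range. The Gemfile.lock content is constructed, and the helper names are assumptions for illustration.

```ruby
require "rubygems"

# Constructed Gemfile.lock excerpt, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (3.1.4)
      rackup (2.1.0)
        rack (>= 3)
        webrick (~> 1.8)

  PLATFORMS
    ruby

  DEPENDENCIES
    rack
    rackup
LOCK

FIRST_3_1 = Gem::Version.new("3.1.0")
FIXED_3_1 = Gem::Version.new("3.1.5") # fix for RUBY:RACK-2024-39316

# Return the resolved rack version from Gemfile.lock text, or nil if absent.
# Only the 4-space-indented spec line "    rack (x.y.z)" counts; deeper lines
# such as "      rack (>= 3)" are dependency constraints, not the locked version.
def locked_rack_version(lock_text)
  lock_text.each_line do |line|
    m = line.match(/\A {4}rack \(([^\s()]+)\)\s*\z/)
    return Gem::Version.new(m[1]) if m
  end
  nil
end

# Classify a rack version against this record: the 3.1 series is affected
# below 3.1.5. Versions before 3.1.0 belong to the 3.0 series, whose fix
# shipped under GHSA-54rr-7fvw-6x8f; this record does not state that version.
def rack_redos_status(version)
  return :rack_not_locked if version.nil?
  return :see_ghsa_54rr_7fvw_6x8f if version < FIRST_3_1
  version < FIXED_3_1 ? :vulnerable : :fixed
end

def check_lock(lock_text)
  rack_redos_status(locked_rack_version(lock_text))
end

if $PROGRAM_NAME == __FILE__
  puts "rack #{locked_rack_version(SAMPLE_LOCK)}: #{check_lock(SAMPLE_LOCK)}"
end
```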
