Lucene search
+L

5 matches found

hackerone
hackerone
added 2024/04/03 9:25 p.m.38 views

Internet Bug Bounty: [CVE-2024-26142] ReDoS vulnerability in Accept header parsing in Action Dispatch

A ReDoS vulnerability was discovered in the Accept header parsing in Action Dispatch. The vulnerability was assigned the CVE identifier CVE-2024-26142. Affected versions were 7.1.0 to 7.1.3, while versions prior to 7.1.0 and 7.1.3.1 and later were not affected. The vulnerability was reported and ...

7.5CVSS6.3AI score0.01498EPSS
Exploits0
osv
osv
added 2024/02/27 9:41 p.m.42 views

GHSA-JJHX-JHVP-74WQ Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch

Possible ReDoS vulnerability in Accept header parsing in Action Dispatch There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: = 7.1.0, 7.1.3.1 Not affected: 7.1....

7.5CVSS6.3AI score0.01498EPSS
Exploits0References6
redhatcve
redhatcve
added 2024/02/27 5:12 p.m.26 views

CVE-2024-26142

A flaw was found in actionpack rubygem during the parsing of the Accept header. This issue ma allow a malicious actor to craft a header which will lead the action dispatch component to take an unexpected amount of time, leading to a Denial of Service, impacting the application's availability...

5.9CVSS7.4AI score0.01498EPSS
Exploits0References4
cve
cve
added 2024/02/27 3:25 p.m.126 views

CVE-2024-26142

CVE-2024-26142 affects Rails, starting from version 7.1.0, where an ReDoS in the Accept header parsing of Action Dispatch was reported. The vulnerability is mitigated by upgrading to Rails 7.1.3.1; Rails applications using Ruby 3.2 or newer are reportedly unaffected due to Ruby 3.2 mitigations. T...

7.5CVSS7.4AI score0.01498EPSS
Exploits0References5Affected Software1
rubygems
rubygems
added 2024/02/21 12:0 a.m.48 views

Possible ReDoS vulnerability in Accept header parsing in Action Dispatch

There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: = 7.1.0, 7.1.3.1 Not affected: 7.1.0 Fixed Versions: 7.1.3.1 Impact Carefully crafted Accept headers can cau...

7.5CVSS7AI score0.01498EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder