756 matches found
CVE-2023-22792
A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process...
CVE-2023-22792
CVE-2023-22792 affects Rails Action Dispatch: vulnerable in Action Dispatch <6.0.6.1, <6.1.7.1, and
CVE-2023-22795
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This...
Fedora 38 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2023-f60cca0686)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-f60cca0686 advisory. Upgrade to Ruby on Rails 7.0.4.2. Fixes numerous CVEs: https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released...
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792. Versions Affected: >= 3.0.0 Not affected: < 3.0.0 Fixed Versions: 5.2.8.15 Rails LTS, 6.1.7.1, 7.0.4.1 Impact Specially crafted cookies, in...
GHSA-P84V-45XJ-WWQJ ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792. Versions Affected: >= 3.0.0 Not affected: < 3.0.0 Fixed Versions: 5.2.8.15 Rails LTS, 6.1.7.1, 7.0.4.1 Impact Specially crafted cookies, in...
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. Versions Affected: All Not affected: None Fixed Versions: 5.2.8.15 Rails LTS, 6.1.7.1, 7.0.4.1 Impact A...
GHSA-8XWW-X3G3-6JCV ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. Versions Affected: All Not affected: None Fixed Versions: 5.2.8.15 Rails LTS, 6.1.7.1, 7.0.4.1 Impact A...
PT-2023-18701 · Ruby On Rails +4 · Action Dispatch +4
Name of the Vulnerable Software and Affected Versions: Action Dispatch versions prior to 6.1.7.1 Action Dispatch versions prior to 7.0.4.1 Description: The issue is related to insufficient input validation in the Action Dispatch component of Ruby on Rails, which can lead to a denial of service Do...
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792. Versions Affected: >= 3.0.0 Not affected: < 3.0.0 Fixed Versions: 6.1.7.1, 7.0.4.1 Impact Specially crafted cookies, in combination with a...
PT-2023-18700 · Unknown +4 · Action Dispatch +4
Name of the Vulnerable Software and Affected Versions: Action Dispatch versions prior to 6.0.6.1 Action Dispatch versions prior to 6.1.7.1 Action Dispatch versions prior to 7.0.4.1 Description: A regular expression based DoS issue in Action Dispatch is related to insufficient input validation...
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. Versions Affected: All Not affected: None Fixed Versions: 6.1.7.1, 7.0.4.1 Impact A specially crafted HTTP...
Russians Hacked JFK Airport Taxi Dispatch in Line-Skipping Scheme
Plus: An offensive US hacking operation, swatters hacking Ring cameras, a Netflix password-sharing crackdown, and more...
Hacking the JFK Airport Taxi Dispatch System
Two men have been convicted of hacking the taxi dispatch system at the JFK airport. This enabled them to reorder the taxis on the list; they charged taxi drivers $10 to cut the line...
PT-2025-13301
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.0-0.rc8.20220727git39c3c396f813.60.fc37.aarch64 Description The issue arises from the vmci_dispatch_dgs tasklet function calling vmci_read_data, which uses wait_event and results in an invalid sleep in an...
UBUNTU-CVE-2022-3704
DISPUTED A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Th...
OESA-2022-1990 python-joblib security update
Joblib is a set of tools to provide lightweight pipelining in Python. Security Fixes: The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel class due to the eval statement. CVE-2022-21797...
CVE-2022-40279
An issue was discovered in Samsung TizenRT through 3.0_GBM and 3.1_PRE. l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service malfunction...
DEBIAN-CVE-2022-21797
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel class due to the eval statement...
PT-2022-25317 · Samsung · Tizenrt
Name of the Vulnerable Software and Affected Versions: Samsung TizenRT versions through 3.0 GBM Samsung TizenRT version 3.1 PRE Description: An issue was discovered that leads to a denial of service, resulting in a malfunction. The problem is caused by a missing check on the return value of pcap...