GHSA-CJ83-2WW7-MVQ7 Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted Accept-Encoding or Accept-Language headers, causing the server to spend...

Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted Accept-Encoding or Accept-Language headers, causing the server to spend...

CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

Internet Bug Bounty: ReDoS Vulnerability in HTTP Accept Headers Parsing

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Rack::Request::Helpers module when parsing HTTP Accept headers. The vulnerability was caused by a lack of fix in the Rack v3.1 release series until v3.1.5...