22 matches found

AstraLinux
added 2026/01/13 2:01 p.m., 3 views

Astra Linux – Vulnerability in ruby-sinatra

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there was a denial-of-service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method was used when constructing the response. Carefully crafted...

CVSS 7.5 | AI score 5.2 | EPSS 0.00448
Exploits: 1 | References: 3

SUSE CVE
added 2025/10/13 11:23 p.m., 5 views

SUSE CVE-2025-61921

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...

CVSS 7.5 | AI score 6.8 | EPSS 0.00448
Exploits: 1 | References: 3

Github Security Blog
added 2025/10/10 8:28 p.m., 14 views

Sinatra is vulnerable to ReDoS through ETag header value generation

Summary There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...

CVSS 7.5 | AI score 6.9 | EPSS 0.00448
Exploits: 1 | References: 10 | Affected Software: 1

NVD
added 2025/10/10 8:15 p.m., 5 views

CVE-2025-61921

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...

CVSS 7.5 | EPSS 0.00448
Exploits: 1 | References: 5

OSV
added 2025/10/10 8:15 p.m., 6 views

UBUNTU-CVE-2025-61921

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...

CVSS 7.5 | AI score 7.3 | EPSS 0.00448
Exploits: 1 | References: 3

Vulnrichment
added 2025/10/10 7:28 p.m., 7 views

CVE-2025-61921 Sinatra has ReDoS vulnerability in ETag header value generation

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...

CVSS 6.9 | AI score 6.3 | EPSS 0.00448
Exploits: 1 | References: 5

EUVD
added 2025/10/10 7:28 p.m., 9 views

EUVD-2025-33767

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...

CVSS 6.9 | AI score 6.2 | EPSS 0.00448
Exploits: 1 | References: 7

OSV
added 2025/10/10 7:28 p.m., 6 views

CVE-2025-61921 Sinatra has ReDoS vulnerability in ETag header value generation

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...

CVSS 6.9 | AI score 6.8 | EPSS 0.00448
Exploits: 1 | References: 7

RubySec
added 2025/10/10 12:00 a.m., 9 views

Sinatra is vulnerable to ReDoS through ETag header value generation

Summary There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...

CVSS 7.5 | AI score 6.5 | EPSS 0.00448
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/10/10 12:00 a.m., 5 views

PT-2025-41597

Name of the Vulnerable Software and Affected Versions Sinatra versions prior to 4.2.0 Description Sinatra, a domain-specific language for creating web applications in Ruby, contains an issue where carefully crafted input can cause excessive processing time during the parsing of If-Match and...

CVSS 6.9 | AI score 6.6 | EPSS 0.00448
Exploits: 1 | References: 17

Tenable Nessus
added 2025/08/30 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-22795

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A regular expression based DoS vulnerability in Action Dispatch 6.1.7.1 and 7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match...

CVSS 7.5 | AI score 6.5 | EPSS 0.02278
Exploits: 0 | References: 2

RedHat Linux
added 2023/11/08 2:26 p.m., 6 views

rubygem-actionpack: Denial of Service in Action Dispatch

A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in Action Dispatch related to the If-None-Match header. By sending a specially-crafted HTTP If-None-Match header, a remote attacker...

CVSS 7.5 | AI score 6.7 | EPSS 0.02278
Exploits: 0 | References: 5

Microsoft CVE
added 2023/02/18 8:00 a.m., 2 views

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.

...

CVSS 7.5 | AI score 6.4 | EPSS 0.02278
Exploits: 0

ATTACKERKB
added 2023/02/09 8:15 p.m., 2 views

CVE-2023-22795

A regular expression based DoS vulnerability in Action Dispatch 6.1.7.1 and 7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This...

CVSS 7.5 | AI score 6.7 | EPSS 0.02278
Exploits: 0 | References: 4

NVD
added 2023/02/09 8:15 p.m., 21 views

CVE-2023-22795

A regular expression based DoS vulnerability in Action Dispatch 6.1.7.1 and 7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This...

CVSS 7.5 | AI score 8.4 | EPSS 0.02278
Exploits: 0 | References: 3

OSV
added 2023/02/09 8:15 p.m., 8 views

AZL-13562 CVE-2023-22795 affecting package ruby for versions less than 3.1.4-1

A regular expression based DoS vulnerability in Action Dispatch 6.1.7.1 and 7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This...

CVSS 7.5 | AI score 6.7 | EPSS 0.02278
Exploits: 0 | References: 1

OSV
added 2023/02/09 8:15 p.m., 4 views

UBUNTU-CVE-2023-22795

A regular expression based DoS vulnerability in Action Dispatch 6.1.7.1 and 7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This...

CVSS 7.5 | AI score 6.6 | EPSS 0.02278
Exploits: 0 | References: 4

UbuntuCve
added 2023/02/09 8:15 p.m., 34 views

CVE-2023-22795

A regular expression based DoS vulnerability in Action Dispatch 6.1.7.1 and 7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This...

CVSS 7.5 | AI score 6.7 | EPSS 0.02278
Exploits: 0 | References: 3

RedhatCVE
added 2023/01/26 2:35 p.m., 52 views

CVE-2023-22795

A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in Action Dispatch related to the If-None-Match header. By sending a specially-crafted HTTP If-None-Match header, a remote attacker...

CVSS 7.5 | AI score 7.2 | EPSS 0.02278
Exploits: 0 | References: 4

Snyk
added 2023/01/18 6:20 p.m., 1 view

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the ifnonematch header in http/cache.rb. An attacker can cause resource exhaustion with a malicious If-None-Match header if a version of Ruby below 3.2.0 is in use. NOTE: Patches have been...

CVSS 7.5 | AI score 6.8 | EPSS 0.02278
Exploits: 0 | References: 2