Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in middleware/cookies.rb, which an attacker can trigger by sending a malicious cookie in combination with a malicious XFORWARDEDHOST header. NOTE: Patches have been released to address this...