6 matches found
CVE-2023-22795
A regular expression based DoS vulnerability in Action Dispatch 6.1.7.1 and 7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This...
Regular Expression Denial Of Service (ReDoS)
actionpack is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability exists in the ifnonematchetags function of cache.rb due to inefficient regular expression complexity which allows an attacker to crash the application. The vulnerability only applies to ruby 3.2.0...
GHSA-J6GC-792M-QGM2 ReDoS based DoS vulnerability in Active Support's underscore
There is a possible regular expression based DoS vulnerability in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-22796. Versions Affected: All Not affected: None Fixed Versions: 5.2.8.15 Rails LTS, which is a paid service and not part of the rubygem, 6.1.7.1,...
ReDoS based DoS vulnerability in Active Support's underscore
There is a possible regular expression based DoS vulnerability in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-22796. Versions Affected: All Not affected: None Fixed Versions: 5.2.8.15 Rails LTS, which is a paid service and not part of the rubygem, 6.1.7.1,...
ReDoS based DoS vulnerability in Active Support’s underscore
There is a possible regular expression based DoS vulnerability in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-22796. Versions Affected: All Not affected: None Fixed Versions: 6.1.7.1, 7.0.4.1 Impact A specially crafted string passed to the underscore method ca...
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1 3.1.2 3.0.2 and 2.0.1.
...