Lucene search
Veracode Vulnerability DatabaseVERACODE:38529HistoryDec 20, 2022 - 2:22 a.m.
Regular Expression Denial Of Service (ReDoS)
2022-12-2002:22:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
regular expression denial of service
insecure regular expression
application crash
software vulnerability
EPSS
0.003
Percentile
66.6%
active_attr is vulnerable to regular expression denial of service.The vulnerability exists in the call function of boolean_typecaster.rb due to the usage of an insecure regular expression which allows an attacker to cause an application crash via malicious input.
References
github.com/advisories/GHSA-4whf-rmx5-8frv
github.com/cgriego/active_attr/commit/dab95e5843b01525444b82bd7b336ef1d79377df
github.com/cgriego/active_attr/issues/184
github.com/cgriego/active_attr/pull/185
github.com/cgriego/active_attr/releases/tag/v0.15.3
github.com/cgriego/active_attr/releases/tag/v0.15.4
vuldb.com/?id.216207
Related
osv
osv
CVE-2021-4250
2022-12-18 22:15:10
active_attr Improper Resource Shutdown or Release vulnerability
2022-12-19 00:30:23
rubygems
rubygems
active_attr Improper Resource Shutdown or Release vulnerability
2022-12-18 21:00:00
cvelist
cvelist
github
github
active_attr Improper Resource Shutdown or Release vulnerability
2022-12-19 00:30:23
gitlab
gitlab
Improper Resource Shutdown or Release
2022-12-19 00:00:00
nvd
nvd
CVE-2021-4250
2022-12-18 22:15:10
prion
prion
Design/Logic Flaw
2022-12-18 22:15:00
cve
cve
CVE-2021-4250
2022-12-18 22:15:10