7.5
CVE-2024-26142
- EPSS 3.54%
- Veröffentlicht 27.02.2024 16:15:46
- Zuletzt bearbeitet 14.02.2025 16:22:23
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginRails possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rubyonrails ≫ Rails Version >= 7.1.0 < 7.1.3.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.54% | 0.875 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| security-advisories@github.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-1333 Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.