CVE-2021-22902

Uncontrolled Resource Consumption in gem/rails

Identifiers

CVE-2021-22902

Package Slug

gem/rails

Vulnerability

Uncontrolled Resource Consumption

Description

There is a possible Denial of Service vulnerability in Action Dispatch. Carefully crafted Accept headers can cause the MIME type parser in Action Dispatch to perform catastrophic backtracking in the regular expression engine.

Affected Versions

All versions starting from 6.0.0 before 6.0.3.7, all versions starting from 6.1.0 before 6.1.0.2

Solution

Upgrade to versions 6.0.3.7, 6.1.1 or above.
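As an added example (written for this page, not code from the advisory or from Rails), a Ruby check that tests a Rails version string against the affected ranges stated above and scans a constructed Gemfile.lock for the locked rails version; the lockfile contents and function names are assumptions:

```ruby
# Added example: is a given Rails version inside the affected ranges of
# CVE-2021-22902, and does a Gemfile.lock pin such a version?
require "rubygems"

# Affected ranges exactly as the advisory lists them.
AFFECTED_RANGES = [
  Gem::Requirement.new(">= 6.0.0", "< 6.0.3.7"),
  Gem::Requirement.new(">= 6.1.0", "< 6.1.0.2"),
].freeze

# True when the version falls inside any affected range.
def vulnerable_to_cve_2021_22902?(version_string)
  version = Gem::Version.new(version_string)
  AFFECTED_RANGES.any? { |req| req.satisfied_by?(version) }
end

# Pull the locked rails version out of Gemfile.lock text: the gem's own
# entry sits under "specs:" indented by exactly four spaces, e.g.
# "    rails (6.0.3.6)". Returns nil when rails is not locked.
def locked_rails_version(lockfile_text)
  match = lockfile_text.match(/^\s{4}rails \(([\w.]+)\)/)
  match && match[1]
end

# nil when rails is absent from the lockfile, otherwise true/false.
def lockfile_vulnerable?(lockfile_text)
  version = locked_rails_version(lockfile_text)
  return nil if version.nil?
  vulnerable_to_cve_2021_22902?(version)
end

# Constructed sample lockfile (not from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (6.0.3.6)
      rails (6.0.3.6)
        actionpack (= 6.0.3.6)

  PLATFORMS
    ruby

  DEPENDENCIES
    rails (~> 6.0.3)
LOCK

if __FILE__ == $0
  puts "locked rails #{locked_rails_version(SAMPLE_LOCK)} vulnerable: #{lockfile_vulnerable?(SAMPLE_LOCK)}"
end
```

Run against a real lockfile with `lockfile_vulnerable?(File.read("Gemfile.lock"))`; a prerelease such as 6.1.0.rc1 sorts below 6.1.0 and is reported as not affected.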

Last Modified

2021-05-12
