CVE-2021-22904
gem/rails
Uncontrolled Resource Consumption
There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. Impacted code uses authenticate_or_request_with_http_token
or authenticate_with_http_token
for request authentication.
All versions before 5.2.4.6, all versions starting from 5.2.5 before 5.2.6, all versions starting from 6.0.0 before 6.0.3.7, all versions starting from 6.1.0 before 6.1.3.2
Upgrade to versions 5.2.4.6, 5.2.6, 6.0.3.7, 6.1.3.2 or above.
2021-05-12
source |