CVE-2021-22904

Uncontrolled Resource Consumption in gem/rails

Identifiers

CVE-2021-22904

Package Slug

gem/rails

Vulnerability

Uncontrolled Resource Consumption

Description

There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. Impacted code uses authenticate_or_request_with_http_token or authenticate_with_http_token for request authentication.

Affected Versions

All versions before 5.2.4.6, all versions starting from 5.2.5 before 5.2.6, all versions starting from 6.0.0 before 6.0.3.7, all versions starting from 6.1.0 before 6.1.3.2

Solution

Upgrade to versions 5.2.4.6, 5.2.6, 6.0.3.7, 6.1.3.2 or above.
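
The following added example is not part of the advisory or of Rails. It reads the resolved rails version from a Gemfile.lock and tests it against the affected ranges listed above using Gem::Version. The function names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version

# Affected ranges copied from the advisory: [lower inclusive, upper exclusive).
# "All versions before 5.2.4.6" is modelled with a lower bound of 0.
AFFECTED_RANGES = [
  ["0",     "5.2.4.6"],
  ["5.2.5", "5.2.6"],
  ["6.0.0", "6.0.3.7"],
  ["6.1.0", "6.1.3.2"],
].map { |lo, hi| [Gem::Version.new(lo), Gem::Version.new(hi)] }.freeze

# True when the given rails version string falls inside an affected range.
def affected_by_cve_2021_22904?(version)
  v = Gem::Version.new(version)
  AFFECTED_RANGES.any? { |lo, hi| v >= lo && v < hi }
end

# Resolved gems sit exactly four spaces deep under "specs:", e.g. "    rails (6.0.3.6)".
# Six-space lines are sub-dependencies and two-space lines are Gemfile
# constraints, so neither is mistaken for the resolved version.
def locked_rails_version(lockfile_text)
  m = lockfile_text.match(/^ {4}rails \(([^)]+)\)$/)
  m && m[1]
end

# Returns :affected, :not_affected, or :rails_not_found for a lockfile's text.
def audit_lockfile(lockfile_text)
  version = locked_rails_version(lockfile_text)
  return :rails_not_found if version.nil?
  affected_by_cve_2021_22904?(version) ? :affected : :not_affected
end

# Constructed sample lockfile (not taken from any real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (6.0.3.6)
        actionpack (= 6.0.3.6)

  DEPENDENCIES
    rails (~> 6.0.3)
LOCK

puts "sample lockfile: #{audit_lockfile(SAMPLE_LOCKFILE)}" if __FILE__ == $PROGRAM_NAME
```

To audit a real project, pass `File.read("Gemfile.lock")` to `audit_lockfile`.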

Last Modified

2021-05-12
