Description
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.
Remediation
References
Related Vulnerabilities
WordPress Plugin YITH Product Size Charts for WooCommerce Security Bypass (1.1.11)
OpenSSL Use After Free Vulnerability (CVE-2023-0215)
Atlassian Jira Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-13404)
WordPress Plugin VikBooking Hotel Booking Engine & PMS Multiple Vulnerabilities (1.5.7)