Description

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.

Remediation

References

CVE-2021-22902

Related Vulnerabilities

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-2334)

WordPress Plugin FreeMind WP Browser Cross-Site Request Forgery (1.2)

MySQL CVE-2013-1531 Vulnerability (CVE-2013-1531)

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-36290)

WordPress Plugin WP RSS By Publishers Multiple SQL Injection Vulnerabilities (0.1)

Severity

High

Classification

CVE-2021-22902 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Tags

Missing Update Known Vulnerabilities