Description
The actionpack Ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 is affected by a possible denial-of-service vulnerability in the Token Authentication logic in Action Controller, caused by an overly permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.
Remediation
References