Vulnerability Information
Vulnerability Title
Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Vulnerability Description
Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
CWE-1333
Vulnerability Title
Rails security vulnerability
Vulnerability Description
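Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. Rails versions from 7.1.0 up to but not including 7.1.3.1 contain a security vulnerability, which stems from a regular expression denial of service (ReDoS) vulnerability in the Accept header parsing routines of Action Dispatch.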
CVSS Information
N/A
Vulnerability Type
N/A