Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Action Dispatch has possible ReDoS vulnerability in query parameter filtering
Vulnerability Description
Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to version 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may use Ruby 3.2 as a workaround. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.
CVSS Information
N/A
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Rails Action Pack 安全漏洞
Vulnerability Description
Rails Action Pack是美国Rails团队的一个web框架。提供了路由机制(将请求URL映射到动作),定义实现动作的控制器以及通过渲染视图(各种格式的模板)生成响应的机制。 Rails Action Pack存在安全漏洞,该漏洞源于在查询参数过滤例程中,精心构造的查询参数可能导致过滤过程消耗意外的时间,可能会导致拒绝服务(DoS)攻击。以下版本受到影响:3.1.0至6.1.7.9之前版本、7.0.8.5之前版本、7.1.4.1之前版本和7.2.1.1之前版本。
CVSS Information
N/A
Vulnerability Type
N/A