Fixing ReDoS in header parsing
Thanks svalkanov

[CVE-2024-26146]
tenderlove committed Feb 21, 2024
1 parent 9996d40 commit 30b8e39
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions lib/rack/utils.rb
Expand Up @@ -140,8 +140,8 @@ def build_nested_query(value, prefix = nil)
module_function :build_nested_query

def q_values(q_value_header)
q_value_header.to_s.split(/\s*,\s*/).map do |part|
value, parameters = part.split(/\s*;\s*/, 2)
q_value_header.to_s.split(',').map do |part|
value, parameters = part.split(';', 2).map(&:strip)
quality = 1.0
if md = /\Aq=([\d.]+)/.match(parameters)
quality = md[1].to_f
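
Review bot: The new `part.split(';', 2).map(&:strip)` line changes the result for a whitespace-only element, and the commit touches only lib/rack/utils.rb, so no test pins this down. For a header such as `a, ,b`, the old `/\s*,\s*/` split consumed the blank and produced an empty part, so `value` was nil. The new `split(',')` leaves `" "`, which strips to `""`, so `value` is now an empty string. Callers are not visible in this hunk, so it is worth confirming that they treat `""` the same as nil, or skipping empty values here. A regression test would help too: one feeding a header with a long run of whitespace and no delimiter (the input shape the old `\s*,\s*` and `\s*;\s*` patterns backtracked on), and one covering the whitespace-only element case. The remaining `/\Aq=([\d.]+)/` match is anchored and has a single quantifier, so it does not reintroduce the problem.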