-
-
Notifications
You must be signed in to change notification settings - Fork 219
/
CVE-2021-22902.yml
41 lines (37 loc) · 1.13 KB
/
CVE-2021-22902.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
---
gem: actionpack
framework: rails
cve: 2021-22902
ghsa: g8ww-46x2-2p65
url: https://groups.google.com/g/rubyonrails-security/c/_5ID_ld9u1c
title: Possible Denial of Service vulnerability in Action Dispatch
date: 2021-05-05
description: |
There is a possible Denial of Service vulnerability in the Mime type parser of
Action Dispatch. This vulnerability has been assigned the CVE identifier
CVE-2021-22902.
Versions Affected: >= 6.0.0
Not affected: < 6.0.0
Fixed Versions: 6.0.3.7, 6.1.3.2
Impact
------
There is a possible Denial of Service vulnerability in Action Dispatch.
Carefully crafted Accept headers can cause the mime type parser in Action
Dispatch to do catastrophic backtracking in the regular expression engine.
Workarounds
-----------
The following monkey patch placed in an initializer can be used to work around
the issue:
```ruby
module Mime
class Type
MIME_REGEXP = /\A(?:\*\/\*|#{MIME_NAME}\/(?:\*|#{MIME_NAME})(?>\s*#{MIME_PARAMETER}\s*)*)\z/
end
end
```
cvss_v3: 7.5
unaffected_versions:
- "< 6.0.0"
patched_versions:
- "~> 6.0.3, >= 6.0.3.7"
- ">= 6.1.3.2"