cve/CVE-2023-22795.md at main

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-05 18:27:17 +00:00

0xMarcio e6ecd99f3d Update CVE sources 2024-06-07 17:53

2024-06-07 17:53:02 +00:00

1.1 KiB

Raw Permalink Blame History

CVE-2023-22795

Description

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.

POC

Reference

No PoCs from references.

Github

https://github.com/bibin-paul-trustme/ruby_repo
https://github.com/jasnow/585-652-ruby-advisory-db
https://github.com/rubysec/ruby-advisory-db

1.1 KiB Raw Permalink Blame History

CVE-2023-22795

Description

POC

Reference

Github

1.1 KiB

Raw Permalink Blame History