cve/CVE-2023-22795.md at 555e9c7de4cd05afceb29c861f75c943c3c8d5d4

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-29 09:41:05 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.

POC

Reference

No PoCs from references.

Github

https://github.com/jasnow/585-652-ruby-advisory-db
https://github.com/rubysec/ruby-advisory-db

1.1 KiB Raw Blame History

CVE-2023-22795

Description

POC

Reference

Github

1.1 KiB

Raw Blame History