Vulnerability Monitor

CVE-2024-26142


Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.


Published

2024-02-27T16:15:46.600

Last Modified

2025-02-14T16:22:23.763

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-1333
  • Type: Primary
    CWE-1333

Affected Vendors & Products
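| Type        | Vendor      | Product | Version/Range | Vulnerable? |
|-------------|-------------|---------|---------------|-------------|
| Application | rubyonrails | rails   | < 7.1.3.1     | Yes         |
| Application | ruby-lang   | ruby    | < 3.2.0       | No          |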
