VYPR
High severityNVD Advisory· Published Jun 11, 2021· Updated Aug 3, 2024

CVE-2021-22902

CVE-2021-22902

Description

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
actionpackRubyGems
>= 6.0.0, < 6.0.3.76.0.3.7
actionpackRubyGems
>= 6.1.0, < 6.1.3.26.1.3.2

Affected products

3

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.