ID CVE-2021-22902
Summary The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7 and 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.
References
Vulnerable Configurations
  • cpe:2.3:a:rubyonrails:rails:6.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.1:-:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.2:-:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.3:-:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.0.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:6.1.0:rc2:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-08-2021 - 19:13)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
Last major update 18-08-2021 - 19:13
Published 11-06-2021 - 16:15
Last modified 18-08-2021 - 19:13