0.002 Low
EPSS
Percentile
60.8%
actionpack is vulnerable to denial of service. An attacker is able to use authenticate_or_request_with_http_token or authenticate_with_http_token for request authentication to cause an application crash.
authenticate_or_request_with_http_token
authenticate_with_http_token
discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869
github.com/advisories/GHSA-7wjx-3g7j-8584
hackerone.com/reports/1101125
security.netapp.com/advisory/ntap-20210805-0009/