Veracode Vulnerability Database: VERACODE:47897
History: Jul 04, 2024 - 6:19 a.m.

Regular Expression Denial Of Service (ReDoS)

2024-07-04 06:19:02
Source: Veracode Vulnerability Database (sca.analysiscenter.veracode.com)
Tags: rack, redos, http, denial of service

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 7 High (Confidence: High)

rack is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is caused by improper handling of HTTP Accept headers, which are parsed with regular expressions that can backtrack excessively on crafted input. An attacker who can reach the server can send a specially crafted Accept-Encoding or Accept-Language header that makes the regex engine spend excessive CPU time on a single request, tying up the worker and leading to a Denial of Service (DoS).

CPE / Name | Operator | Version
rack       | le       | 3.1.4
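The advisory describes the failure mode (an Accept-* header whose parsing regex backtracks super-linearly) but shows no code. The block below is an added example, not Rack's own parser or its fix: it is one way a practitioner could parse Accept-Encoding / Accept-Language style headers without any backtracking regex, bounding input size up front and walking the header with plain splits so the cost stays linear in the header length. The header caps (MAX_HEADER_BYTES, MAX_HEADER_ITEMS), the ParseError class and the timed_regexp helper are assumptions chosen for illustration; the sample headers are constructed.

```ruby
# Added example (not Rack's code): linear-time Accept-* header parsing with
# size caps, plus a regex-timeout helper as defense in depth.

MAX_HEADER_BYTES = 4096  # assumption: cap on header size before parsing
MAX_HEADER_ITEMS = 64    # assumption: cap on comma-separated entries

ParseError = Class.new(StandardError)

# RFC 9110 qvalue grammar: ( "0" [ "." 0*3DIGIT ] ) / ( "1" [ "." 0*3("0") ] ).
# Checked character by character, no regex involved. Returns a Float.
def parse_qvalue(text)
  raise ParseError, "missing qvalue" if text.nil? || text.empty?
  int, frac = text.split(".", 2)
  well_formed = %w[0 1].include?(int) &&
                (frac.nil? || (frac.length <= 3 && frac.each_char.all? { |c| c.between?("0", "9") }))
  raise ParseError, "bad qvalue #{text.inspect}" unless well_formed
  q = text.to_f
  raise ParseError, "qvalue out of range #{text.inspect}" if q > 1.0
  q
end

# Parses "gzip;q=1.0, identity; q=0.5, *;q=0" into [[value, q], ...] sorted by
# q descending (stable, so header order breaks ties). Entries with q=0 are
# dropped because the client has declared them unacceptable.
def parse_accept(header)
  raise ParseError, "header too long" if header.bytesize > MAX_HEADER_BYTES
  items = header.split(",")
  raise ParseError, "too many entries" if items.size > MAX_HEADER_ITEMS

  parsed = items.filter_map do |item|
    value, *params = item.split(";").map(&:strip)
    next if value.nil? || value.empty?
    q = 1.0 # default when no q parameter is present
    params.each do |param|
      key, raw = param.split("=", 2).map { |s| s.to_s.strip }
      next unless key.downcase == "q"
      q = parse_qvalue(raw)
    end
    [value, q]
  end

  parsed.reject { |_, q| q.zero? }
        .sort_by.with_index { |(_, q), i| [-q, i] }
end

# Defense in depth for code paths that still use a regex (Ruby >= 3.2): a
# per-match timeout turns a pathological match into Regexp::TimeoutError
# instead of a stalled worker. Falls back to a plain Regexp on older Rubies.
def timed_regexp(source, seconds = 0.2)
  if Regexp.respond_to?(:timeout=)
    Regexp.new(source, timeout: seconds)
  else
    Regexp.new(source)
  end
end

if __FILE__ == $0
  # Constructed sample headers.
  p parse_accept("gzip;q=1.0, identity; q=0.5, *;q=0")
  p parse_accept("en-GB,en;q=0.8, fr ; q=0.9")
  begin
    parse_accept("a;" + " " * 5000) # oversized header is rejected before parsing
  rescue ParseError => e
    puts "rejected: #{e.message}"
  end
end
```

The length and item caps run before any per-character work, so the cost of a hostile header is bounded by what the caps allow rather than by what the client sends; the timeout helper is the fallback for any regex that cannot be removed.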
