2266324 – (CVE-2024-26142) CVE-2024-26142 rubygem-actionpack: Possible DoS vulnerability in Accept header

Bug 2266324 (CVE-2024-26142) - CVE-2024-26142 rubygem-actionpack: Possible DoS vulnerability in Accept header

Summary: CVE-2024-26142 rubygem-actionpack: Possible DoS vulnerability in Accept header

Keywords:
Status:	NEW
Alias:	CVE-2024-26142
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2266349 2266350 2266352 2266353 2266354 2266355 2266356
Blocks:	2266322
TreeView+	depends on / blocked

Reported:	2024-02-27 15:49 UTC by Marco Benatto
Modified:	2024-09-01 08:28 UTC (History)
CC List:	19 users (show)
Fixed In Version:	rubygem-actionpack 7.1.3.1
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Marco Benatto 2024-02-27 15:49:05 UTC

There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142.

Comment 1 Marco Benatto 2024-02-27 16:56:04 UTC

Created rubygem-actionpack tracking bugs for this issue:

Affects: fedora-all [bug 2266349]


Created rubygem-rails-observers tracking bugs for this issue:

Affects: epel-7 [bug 2266350]

Note You need to log in before you can comment on or make changes to this bug.