发布时间: 2024年5月27日
修改时间: 2024年5月27日
Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 7.5 | 7.5 |
| Attack Vector | Network | Network |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality | None | None |
| Integrity | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-2208 | Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. | 2024年5月27日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | rubygem-actionpack | Unaffected |
| KY3.4-5 | rubygem-actionpack | Unaffected |
| KY3.5.1 | rubygem-actionpack | Unaffected |
| KY3.5.2 | rubygem-actionpack | Unaffected |
