rack 3.1.1
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
medium severity CVE-2024-39316>= 3.1.5
< 3.1.0
Summary
A Regular Expression Denial of Service (ReDoS) vulnerability exists
in the Rack::Request::Helpers
module when parsing HTTP Accept headers.
This vulnerability can be exploited by an attacker sending specially
crafted Accept-Encoding
or Accept-Language
headers, causing the
server to spend excessive time processing the request and leading
to a Denial of Service (DoS).
Details
The fix for https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f was not applied to the main branch and thus while the issue was fixed for the Rack v3.0 release series, it was not fixed in the v3.1 release series until v3.1.5.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.