Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.
History

Fri, 14 Feb 2025 16:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Ruby-lang<br>Ruby-lang ruby<br>Rubyonrails<br>Rubyonrails rails |
| CPEs | | cpe:2.3:a:ruby-lang:ruby:\*:\*:\*:\*:\*:\*:\*:\*<br>cpe:2.3:a:rubyonrails:rails:\*:\*:\*:\*:\*:\*:\*:\* |
| Vendors & Products | | Ruby-lang<br>Ruby-lang ruby<br>Rubyonrails<br>Rubyonrails rails |

Thu, 13 Feb 2025 18:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Rails<br>Rails rails |
| CPEs | | cpe:2.3:a:rails:rails:\*:\*:\*:\*:\*:\*:\*:\* |
| Vendors & Products | | Rails<br>Rails rails |
| Metrics | | ssvc<br>{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-02-13T17:41:05.743Z

Reserved: 2024-02-14T17:40:03.688Z

Link: CVE-2024-26142

Vulnrichment

Updated: 2024-08-01T23:59:32.697Z

NVD

Status: Analyzed

Published: 2024-02-27T16:15:46.600

Modified: 2025-02-14T16:22:23.763

Link: CVE-2024-26142

Redhat

Severity: Moderate

Public Date: 2024-02-24T00:00:00Z

Links: CVE-2024-26142 - Bugzilla