QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2023-22792

Back to search

CVE-2023-22792

Published: Feb 9, 2023

Modified: Mar 24, 2025

PUBLISHED

Description

A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.

VendorProductVersions

n/a

https://github.com/rails/rails

affected
6.0.6.1, 6.1.7.1, 7.0.4.1

Weaknesses (CWE)

CWE-400

References

DSA-5372
vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now