QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2023-22795

Back to search

CVE-2023-22795

Published: Feb 9, 2023

Modified: Aug 2, 2024

PUBLISHED

Description

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.

VendorProductVersions

n/a

https://github.com/rails/rails

affected
6.1.7.1, 7.0.4.1

Weaknesses (CWE)

CWE-400

References

DSA-5372
vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now