Security Advisory

CVE-2021-22904

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-06-11 15:49:38

Last updated 2024-08-03 18:58:25

Assigner hackerone

State PUBLISHED

Description

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.

← Browse all CVEs View on cve.org ↗