Home > Vulnerability Database > CVE-2024-26142

Mend.io Vulnerability Database

CVE-2024-26142

Good to know:

Date: February 27, 2024

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.

Language: Ruby

Severity Score

7.5

Related Resources (7)

Url: https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-26142

Url: https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946

Url: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml

Url: https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272

Url: https://security.netapp.com/advisory/ntap-20240503-0003/

Url: https://www.mend.io/vulnerability-database/CVE-2024-26142

Severity Score

7.5

Weakness Type (CWE)

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version rails - 7.1.3.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-26142

Good to know:

Date: February 27, 2024

Language: Ruby

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?