Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-22880

Опубликовано: 11 фев. 2021
Источник: debian
EPSS Низкий

Описание

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
railsfixed2:6.0.3.5+dfsg-1package
railsnot-affectedstretchpackage

Примечания

  • https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129

  • https://hackerone.com/reports/1023899

  • https://github.com/rails/rails/commit/eddda4d8fb6b6508e11196b14494ceac37b57339 (main)

  • https://github.com/rails/rails/commit/879d02107b5b3eb7aeaad1cd1f259bb41f17286b (v6.0.3.5)

  • https://github.com/rails/rails/commit/bf0ef9df1793046241c26b3fb92fac551d1628b4 (5.2-stable)

EPSS

Процентиль: 85%
0.02459
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2021-22880

CVSS3: 7.5
ubuntu
почти 5 лет назад

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.

redhat логотип

CVE-2021-22880

CVSS3: 7.5
redhat
почти 5 лет назад

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.

nvd логотип

CVE-2021-22880

CVSS3: 7.5
nvd
почти 5 лет назад

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.

suse-cvrf логотип

openSUSE-SU-2021:3634-1

suse-cvrf
около 4 лет назад

Security update for rubygem-activerecord-5_1

suse-cvrf логотип

openSUSE-SU-2021:1468-1

suse-cvrf
около 4 лет назад

Security update for rubygem-activerecord-5_1

EPSS

Процентиль: 85%
0.02459
Низкий