Описание
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the money type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.
The PostgreSQL adapter in Active Record suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the money type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.
Отчет
Red Hat Satellite ship affected version of rubygem-activerecord however, the product is not vulnerable to the flaw as it does not use the money field type in product code. We may update the rubygem-activerecord dependency in a future release.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | cfme-gemset | Will not fix | ||
| Red Hat 3scale API Management Platform 2 | rubygem-activerecord | Will not fix | ||
| Red Hat 3scale API Management Platform 2 | system | Affected | ||
| Red Hat Satellite 6 | tfm-ror52-rubygem-activerecord | Will not fix | ||
| Red Hat Satellite 6 | tfm-rubygem-activerecord | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4 ...
EPSS
7.5 High
CVSS3