The PostgreSQL adapter in Active Record prior to 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rubyonrails rails |
||
fedoraproject fedora 32 |
||
fedoraproject fedora 33 |