CVE-2021-22880

Published: 11/02/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The PostgreSQL adapter in Active Record prior to 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (ReDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with `money` type columns that take user input.
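The mitigation pattern behind this class of bug is to keep untrusted input from reaching a backtracking-prone regex unbounded. The following Ruby snippet is an added illustration, not Active Record's code: the money pattern, the length cap and the `parse_money` helper are constructed for this example, and the cheap length check runs before any regex so oversized input is rejected in constant time.

```ruby
# Added defensive example (not Rails' own code). The regex below is a
# constructed illustration of a money literal, not the pattern used by
# Active Record's PostgreSQL adapter.

MAX_MONEY_LENGTH = 32  # assumption: no legitimate money literal exceeds this

# Constructed pattern: optional sign, optional "$", 1-3 leading digits,
# optional comma-separated thousands groups, optional 1-2 digit cents.
MONEY_PATTERN = /\A[-+]?\$?\d{1,3}(?:,\d{3})*(?:\.\d{1,2})?\z/

# Returns the amount in integer cents, or nil when the input is rejected.
def parse_money(str)
  return nil unless str.is_a?(String)
  # O(1) guard first: it short-circuits before the regex ever runs, so an
  # attacker cannot feed a multi-kilobyte string into the matcher.
  return nil if str.length > MAX_MONEY_LENGTH
  return nil unless MONEY_PATTERN.match?(str)

  sign = str.start_with?("-") ? -1 : 1
  digits = str.delete("-+$,")            # strip sign, currency and separators
  whole, cents = digits.split(".")
  cents = (cents || "").ljust(2, "0")    # "5" -> "50", nil -> "00"
  sign * (whole.to_i * 100 + cents.to_i)
end
```

The ordering is the point: a length check costs nothing and removes the only lever a ReDoS input has, which is size. Anchoring the pattern with `\A`/`\z` and keeping its repetition groups unambiguous (comma-delimited groups cannot overlap with the leading digits) keeps the regex linear on the inputs that do reach it.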

Vulnerable Products

rubyonrails rails

fedoraproject fedora 32

fedoraproject fedora 33

Vendor Advisories

Multiple security issues were discovered in the Rails web framework which could result in denial of service. For the stable distribution (buster), these problems have been fixed in version 2:5.2.2.1+dfsg-1+deb10u3. We recommend that you upgrade your rails packages. For the detailed security status of rails please refer to its security tracker page ...

Github Repositories

CVE-2021-22880: usage, creating a rails-server and PoC; refer to HackerOne.