CVE-2023-22796

Published: 09/02/2023 Updated: 02/02/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A regular expression based DoS (ReDoS) vulnerability in Active Support before 6.1.7.1 and before 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible denial of service.
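The first thing a practitioner wants from an advisory like this is a reliable "am I affected?" check against the fixed releases it names. The following Ruby script is an added example, not code from the advisory or from Rails: it encodes the two fixed versions from the summary (6.1.7.1 and 7.0.4.1), compares a version string against them with Gem::Version so that four-part patch releases sort correctly, and pulls the resolved activesupport version out of a Gemfile.lock. The lockfile fragment is constructed for the example and does not come from any real project.

```ruby
require "rubygems"

# Fixed releases named in the advisory for CVE-2023-22796.
FIXED_6_1 = Gem::Version.new("6.1.7.1")
FIXED_7_0 = Gem::Version.new("7.0.4.1")
SERIES_7_0 = Gem::Version.new("7.0")

# True if this activesupport version is affected: anything below 6.1.7.1,
# or anything in the 7.0 series below 7.0.4.1. Plain string comparison
# would get "6.1.7.1" vs "6.1.7" wrong, hence Gem::Version.
def activesupport_affected?(version_string)
  v = Gem::Version.new(version_string)
  return true if v < FIXED_6_1
  return true if v >= SERIES_7_0 && v < FIXED_7_0
  false
end

# Bundler writes each resolved gem as a spec line indented by exactly four
# spaces, "    activesupport (7.0.4)". Dependency lines are indented deeper
# and carry an operator, "      activesupport (= 7.0.4)", so they are skipped.
def activesupport_version_from_lockfile(lockfile_text)
  lockfile_text.each_line do |line|
    if (m = line.match(/\A {4}activesupport \((\d[^)]*)\)\s*\z/))
      return m[1]
    end
  end
  nil
end

# Returns { version:, affected: }; both nil when activesupport is not in the lockfile.
def check_lockfile(lockfile_text)
  version = activesupport_version_from_lockfile(lockfile_text)
  return { version: nil, affected: nil } if version.nil?
  { version: version, affected: activesupport_affected?(version) }
end

# Constructed sample Gemfile.lock fragment (hypothetical, not from a real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activemodel (7.0.4)
        activesupport (= 7.0.4)
      activesupport (7.0.4)
        concurrent-ruby (~> 1.0, >= 1.0.2)
        i18n (>= 1.6, < 2)
        minitest (>= 5.1)
        tzinfo (~> 2.0)
LOCK

if __FILE__ == $0
  # On a real project: check_lockfile(File.read("Gemfile.lock"))
  p check_lockfile(SAMPLE_LOCKFILE)
end
```

The check only tells you whether the gem version is in the fixed range; it does not tell you whether untrusted input ever reaches underscore in your code paths. Where upgrading is delayed, note that Ruby 3.2 added a process-wide Regexp.timeout= that bounds any single match, which limits the CPU cost of this class of bug but does not remove the backtracking itself.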

Vulnerable Product

activesupport (activesupport project)

Vendor Advisories

Synopsis: Moderate: Logging Subsystem 5.7.4 - Red Hat OpenShift bug fix and security update. Type/Severity: Security Advisory: Moderate. Topic: Logging Subsystem 5.7.4 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed ...
Debian Bug report logs - #1030050 rails: CVE-2023-22796 CVE-2023-22795 CVE-2023-22794 CVE-2023-22792 CVE-2022-44566. Package: src:rails; Maintainer for src:rails is Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 30 Jan 2023 18:00:01 UTC ...
Multiple vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could result in XSS, data disclosure and open redirect. For the stable distribution (bullseye), these problems have been fixed in version 2:6.0.3.7+dfsg-2+deb11u1. We recommend that you upgrade your rails packages. For the detailed sec ...
Description: This CVE is under investigation by Red Hat Product Security ...