CVE-2021-22902 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-22902 PUBLISHED

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.

EPSS 1.06% · 77.5th percentile

Risk Scores

EPSS Score

1.06%

77.5th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:25.10	rails	2:7.2.2.1+dfsg-7, 2:6.1.7.3+dfsg-7, 0
Ubuntu:24.04:LTS	rails	0, 2:6.1.7.3+dfsg-3, 2:6.1.7.3+dfsg-2build1
Ubuntu:Pro:20.04:LTS	rails	0, 2:5.2.2.1+dfsg-1ubuntu1, 2:5.2.3+dfsg-3
Ubuntu:Pro:16.04:LTS	rails	2:4.2.6-1ubuntu0.1~esm1, 2:4.2.6-1, 2:4.2.5.2-2
Ubuntu:Pro:22.04:LTS	rails	0, 2:6.0.3.7+dfsg-2, 2:6.1.4.1+dfsg-8ubuntu2
Ubuntu:Pro:18.04:LTS	rails	2:4.2.9-2, 2:4.2.10-0ubuntu4, 2:4.2.10-0ubuntu4+esm1

Timeline

May 5, 2021 CVE Published
Jun 12, 2021 EPSS Score
Aug 12, 2021 EPSS Score
Aug 18, 2021 CVE Updated
Dec 10, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 9, 2022 EPSS Score
Apr 10, 2022 EPSS Score
Jun 9, 2022 EPSS Score
Aug 9, 2022 EPSS Score
Oct 8, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2021-22902 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-22902 third-party-advisory

Open in Interactive Console →