DEBIAN-CVE-2021-22902

DEBIAN-CVE-2021-22902 PUBLISHED CVSS 7.5 HIGH

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:12	rails	0, 0, 0
Debian:13	rails	0, 0, 0
Debian:11	rails	0, 0, 0
Debian:14	rails	0, 0, 0

Exploit Intelligence

.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)

…and 5 more exploits

Timeline

Jun 11, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2021-22902 advisory

Open in Interactive Console →