Ruby On Rails · Action Dispatch · CVE-2023-22795
**Name of the Vulnerable Software and Affected Versions**
Action Dispatch versions prior to 6.1.7.1
Action Dispatch versions prior to 7.0.4.1
**Description**
The issue stems from insufficient input validation in the Action Dispatch component of Ruby on Rails. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter catastrophic backtracking when running on a Ruby version below 3.2.0, leading to high CPU and memory usage and therefore a possible denial of service (DoS). Users running affected releases should upgrade or use one of the workarounds immediately.
**Recommendations**
For Action Dispatch versions prior to 6.1.7.1, upgrade to version 6.1.7.1 or apply the patch `6-1-Avoid-regex-backtracking-on-If-None-Match-header.patch`.
For Action Dispatch versions prior to 7.0.4.1, upgrade to version 7.0.4.1 or apply the patch `7-0-Avoid-regex-backtracking-on-If-None-Match-header.patch`.
As a temporary workaround, consider using a load balancer or other device to filter out malicious `If-None-Match` headers before they reach the application.
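The header filtering suggested as a workaround above, implemented in-process as a Rack middleware. This is an added example, not code from the Rails project or from the advisory; the `IfNoneMatchFilter` name and the size limits are assumptions. It validates the header against the entity-tag list grammar using a literal comma split and an anchored regex with a single quantifier, so the check itself is linear in the header length, and drops anything malformed or oversized before the framework's own parser sees it.

```ruby
# Added example (not Rails' own code): Rack middleware that removes
# If-None-Match headers that are oversized or not a well-formed
# entity-tag list, as a defensive filter in front of the application.
class IfNoneMatchFilter
  MAX_HEADER_BYTES = 4096 # constructed limit; tune to your ETag sizes
  MAX_ETAGS        = 64   # constructed limit
  # One entity-tag (RFC 7232): optional weak prefix, then a quoted run of
  # etagc characters (0x21, 0x23-0x7E). Anchored, one quantifier over a
  # single character class, so matching is linear and cannot backtrack.
  ETAG = /\A(?:W\/)?"[\x21\x23-\x7E]*"\z/

  def initialize(app)
    @app = app
  end

  # Drop the header from the env when it fails validation; the downstream
  # app then behaves as if no conditional request was made.
  def call(env)
    value = env["HTTP_IF_NONE_MATCH"]
    env.delete("HTTP_IF_NONE_MATCH") if value && !self.class.valid?(value)
    @app.call(env)
  end

  # True when the value is "*" or a comma-separated list of entity-tags
  # within the configured limits.
  def self.valid?(value)
    return false if value.bytesize > MAX_HEADER_BYTES
    return true if value.strip == "*"
    # String#split with a plain string pattern does not use the regex
    # engine; the -1 limit keeps trailing empty fields so "x", is rejected.
    tags = value.split(",", -1).map(&:strip)
    return false if tags.empty? || tags.size > MAX_ETAGS
    tags.all? { |tag| ETAG.match?(tag) }
  end
end
```

In a Rails application it can be placed ahead of the rest of the stack with `config.middleware.insert_before 0, IfNoneMatchFilter`; on Ruby 3.2 and later, `Regexp.timeout=` additionally bounds how long any single regex match may run.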