PT-2022-11602 · Cgriego · Active Attr

Wonda-Tea-Coffee · Published 2022-12-18 · Updated 2024-05-17 · CVE-2021-4250

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: cgriego active_attr versions up to 0.15.3

Description: A problematic vulnerability has been found in the cgriego active_attr component, specifically affecting the function call of the file lib/active_attr/typecasting/boolean_typecaster.rb of the Regex Handler. The manipulation of the argument value leads to denial of service. The exploit has been disclosed to the public and may be used.

Recommendations: To address this issue, upgrade to version 0.15.4. As a temporary workaround, consider restricting the manipulation of the argument value in the affected component until the upgrade is applied.

Exploit

Fix

Improper Resource Release

Weakness Enumeration

Related Identifiers

CVE-2021-4250
GHSA-4WHF-RMX5-8FRV

Affected Products

Active Attr