CVE-2024-26142

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Rails versions 7.1.0 through 7.1.3.0

Description There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This issue can cause Accept header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. Carefully crafted Accept headers can exploit this issue. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.

Recommendations For versions 7.1.0 through 7.1.3.0, upgrade to version 7.1.3.1 or apply the provided patch for the 7.1 series, 7-1-accept-redox.patch. As a temporary workaround, consider restricting access to the Accept header parsing routines in Action Dispatch until a patch is available.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1333

Related Identifiers

ALT-PU-2025-3714

BIT-RAILS-2024-26142

CVE-2024-26142

GHSA-JJHX-JHVP-74WQ

Affected Products

Alt Linux

Action Dispatch

Rails

Ruby

CVE-2024-26142

Weakness Enumeration

Related Identifiers

Affected Products

References · 20