Vulnerability Name:

CVE-2021-22902 (CCN-201281)

Assigned:2021-05-05
Published:2021-05-05
Updated:2021-08-18
Summary:The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2021-22902

Source: MISC
Type: Exploit, Mitigation, Patch, Vendor Advisory
https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866

Source: XF
Type: UNKNOWN
rubyonrails-cve202122902-dos(201281)

Source: MISC
Type: Permissions Required, Third Party Advisory
https://hackerone.com/reports/1138654

Source: CCN
Type: Ruby on Rails Web site
Ruby on Rails

Source: CCN
Type: oss-sec Mailing List, Wed, 5 May 2021 09:36:49 -0700
[CVE-2021-22902] Possible Denial of Service vulnerability in Action Dispatch

Source: CCN
Type: IBM Security Bulletin 6475299 (Cloud Pak for Multicloud Management)
A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management

Vulnerable Configuration:Configuration 1:
  • cpe:/a:rubyonrails:rails:*:*:*:*:*:*:*:* (Version >= 6.0.0 and < 6.0.3.7)
  • OR cpe:/a:rubyonrails:rails:*:*:*:*:*:*:*:* (Version >= 6.1.0 and < 6.1.0.2)

    • Configuration CCN 1:
  • cpe:/a:rubyonrails:rails:6.0.0:-:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:113371
    P
    		ruby2.7-rubygem-actionpack-6.0-6.0.4-1.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:106778
    P
    		ruby2.7-rubygem-actionpack-6.0-6.0.4-1.2 on GA media (Moderate)
    2021-10-01
    BACK
    rubyonrails rails *
    rubyonrails rails *
    rubyonrails rails 6.0.0 -