CVE-2024-39316 (rack): Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

4 July 2024

ADVISORIES CVE-2024-39316 (NVD) GHSA-cj83-2ww7-mvq7 Vendor Advisory GEM rack SEVERITY CVSS v3.x: 6.5 (Medium) UNAFFECTED VERSIONS < 3.1.0 PATCHED VERSIONS >= 3.1.5 DESCRIPTION Summary A Regular Expression Denial of Service (ReDoS) vulnerability exists in the module when parsing HTTP Accept headers.

Source: RUBYLAND

Date:

4 July 2024

Categorie(s):

NEWS

Tag(s):

Headers, IT, Parsing, Security Pro, Vulnerability

Week in review: A need for a DDoS response plan, human oversight in AI-enhanced software development7 July 2024
Researchers Track Identities and Locations of CSAM Users via Malware Logs6 July 2024
New Mallox Ransomware Variant Targets Linux Systems6 July 2024
The Problem With Bug Bounties6 July 2024
10 Security Tips for Business Travellers This Summer5 July 2024