
CVE-2024-25126

Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)

Description

Summary

module Rack
  class MediaType
    # Vulnerable pattern as quoted in the advisory: the \s* on either side of
    # the delimiter backtracks across a long run of blanks.
    SPLIT_PATTERN = %r{\s*[;,]\s*}
  end
end

The above regexp is subject to ReDoS: 50K blank characters as a prefix to the header will take over 10s to split.

PoC

A simple HTTP request with lots of blank characters in the content-type header:

request["Content-Type"] = (" " * 50_000) + "a,"

Impact

It's a very easy-to-craft ReDoS. Like all ReDoS, the impact is debatable.
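A stand-in for the split described above, added here as an example (it is not Rack's code and not the upstream patch), placing the advisory's pattern beside a hardened variant that splits on the bare delimiter and strips afterwards; MediaTypeDemo, parse_safe and time_split are names assumed for this demo:

```ruby
require 'benchmark'

# Constructed stand-in for Rack::MediaType (added example, not Rack's code):
# the advisory's vulnerable split pattern beside a hardened equivalent.
module MediaTypeDemo
  # Pattern quoted in the advisory. On a long run of blanks that is not
  # followed by a delimiter, the engine retries \s* from every offset and
  # backtracks over the rest of the run each time: O(n^2) in the prefix.
  VULNERABLE_SPLIT = %r{\s*[;,]\s*}

  # Hardened form (assumption: same idea as the upstream fix, not its exact
  # text): split on the bare delimiter, then strip each piece. A character
  # class cannot backtrack and String#strip is linear.
  SAFE_SPLIT = %r{[;,]}

  def self.parse_vulnerable(content_type)
    build(content_type.split(VULNERABLE_SPLIT))
  end

  def self.parse_safe(content_type)
    build(content_type.split(SAFE_SPLIT).map(&:strip))
  end

  # Returns [type, params], roughly what Rack::MediaType#type / #params give.
  def self.build(parts)
    type = parts.first.to_s.strip.downcase
    params = parts.drop(1).each_with_object({}) do |piece, h|
      k, v = piece.split('=', 2)
      next if k.nil? || k.strip.empty?
      h[k.strip.downcase] = v.to_s.strip.delete_prefix('"').delete_suffix('"')
    end
    [type, params]
  end

  # Seconds to parse a header of `blanks` leading spaces with the given
  # parser, using the advisory's PoC shape: spaces, then "a,".
  def self.time_split(blanks, parser)
    header = (' ' * blanks) + 'a,'
    Benchmark.realtime { public_send(parser, header) }
  end
end

if $PROGRAM_NAME == __FILE__
  # Doubling the prefix roughly quadruples the vulnerable time; safe stays flat.
  [1_000, 2_000, 4_000].each do |n|
    printf("%6d blanks  vulnerable=%.3fs  safe=%.6fs\n", n,
           MediaTypeDemo.time_split(n, :parse_vulnerable),
           MediaTypeDemo.time_split(n, :parse_safe))
  end
end
```

Both parsers return the same type and parameters for ordinary headers; only their cost on a blank-padded header differs.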

Patch Available

Fix available through Seal Security.

No upgrade required, protect your application instantly.

Score: 5.3
Severity: Medium
Ecosystem: RubyGems
Publish Date: February 28, 2024
Modified Date: February 3, 2026
Score Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Versions