CVE-2021-22902 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-22902 Interim 1 23 2023-02-10T00:53:46Z current 2021-05-30T14:48:24Z 2023-02-10T00:53:46Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-22902 The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise High Availability Extension 15 SUSE Linux Enterprise High Availability Extension 15 SP1 SUSE Linux Enterprise High Availability Extension 15 SP2 SUSE Linux Enterprise Server for SAP All-in-One 11 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 WebYaST for SLE-11 openSUSE Tumbleweed ruby2.1-rubygem-actionpack-4_2 ruby2.5-rubygem-actionpack-5_1 ruby2.7-rubygem-actionpack-6.0-6.0.4-1.2 ruby3.0-rubygem-actionpack-6.0-6.0.4-1.2 ruby3.1-rubygem-actionpack-6.0-6.0.4.4-1.1 rubygem-actionpack-3_2 rubygem-actionpack-4_2 rubygem-actionpack-5_1 ruby2.7-rubygem-actionpack-6.0-6.0.4-1.2 as a component of openSUSE Tumbleweed ruby3.0-rubygem-actionpack-6.0-6.0.4-1.2 as a component of openSUSE Tumbleweed ruby3.1-rubygem-actionpack-6.0-6.0.4.4-1.1 as a component of openSUSE Tumbleweed ruby2.5-rubygem-actionpack-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 rubygem-actionpack-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 ruby2.5-rubygem-actionpack-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP1 rubygem-actionpack-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP1 ruby2.5-rubygem-actionpack-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP2 rubygem-actionpack-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP2 rubygem-actionpack-3_2 as a component of SUSE Linux Enterprise Server for SAP All-in-One 11 SP4 ruby2.1-rubygem-actionpack-4_2 as a component of SUSE OpenStack Cloud 7 rubygem-actionpack-4_2 as a component of SUSE OpenStack Cloud 7 ruby2.1-rubygem-actionpack-4_2 as a component of SUSE OpenStack Cloud Crowbar 8 rubygem-actionpack-4_2 as a component of SUSE OpenStack Cloud Crowbar 8 ruby2.1-rubygem-actionpack-4_2 as a component of SUSE OpenStack Cloud Crowbar 9 rubygem-actionpack-4_2 as a component of SUSE OpenStack Cloud Crowbar 9 rubygem-actionpack-3_2 as a component of WebYaST for SLE-11 The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. CVE-2021-22902 openSUSE Tumbleweed:ruby2.7-rubygem-actionpack-6.0-6.0.4-1.2 openSUSE Tumbleweed:ruby3.0-rubygem-actionpack-6.0-6.0.4-1.2 openSUSE Tumbleweed:ruby3.1-rubygem-actionpack-6.0-6.0.4.4-1.1 SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-actionpack-5_1 SUSE Linux Enterprise High Availability Extension 15 SP1:rubygem-actionpack-5_1 SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-actionpack-5_1 SUSE Linux Enterprise High Availability Extension 15 SP2:rubygem-actionpack-5_1 SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-actionpack-5_1 SUSE Linux Enterprise High Availability Extension 15:rubygem-actionpack-5_1 SUSE Linux Enterprise Server for SAP All-in-One 11 SP4:rubygem-actionpack-3_2 SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionpack-4_2 SUSE OpenStack Cloud 7:rubygem-actionpack-4_2 SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-actionpack-4_2 SUSE OpenStack Cloud Crowbar 8:rubygem-actionpack-4_2 SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-actionpack-4_2 SUSE OpenStack Cloud Crowbar 9:rubygem-actionpack-4_2 WebYaST for SLE-11:rubygem-actionpack-3_2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H