[CVE-2024-26146] Header Parsing leads to Possible Denial of Service Vulnerability

Disclosed: 2024-05-24 15:17:19 By svalkanov To ibb
Low
Vulnerability Details
I've made a report and provided a patch https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942

## Impact

Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted.
Report Stats
  • Report ID: 2446433
  • State: Closed
  • Substate: resolved
  • Upvotes: 27