CVE-2021-4250
cgriego active_attr Regex boolean_typecaster.rb call denial of service
CVSS Score
3.5
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.2. This affects the function call of the file lib/active_attr/typecasting/boolean_typecaster.rb of the component Regex Handler. The manipulation of the argument value leads to denial of service. The exploit has been disclosed to the public and may be used. Upgrading to version 0.15.3 is able to address this issue. The name of the patch is dab95e5843b01525444b82bd7b336ef1d79377df. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216207.
| CWE | CWE-404 |
| Vendor | cgriego |
| Product | active_attr |
| Published | Dec 18, 2022 |
| Last Updated | Aug 3, 2024 |
Stay Ahead of the Next One
Get instant alerts for cgriego active_attr
Be the first to know when new low vulnerabilities affecting cgriego active_attr are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
cgriego / active_attr
0.15.0 0.15.1 0.15.2
References
vuldb.com: https://vuldb.com/?id.216207 github.com: https://github.com/cgriego/active_attr/issues/184 github.com: https://github.com/cgriego/active_attr/pull/185 github.com: https://github.com/cgriego/active_attr/commit/dab95e5843b01525444b82bd7b336ef1d79377df github.com: https://github.com/cgriego/active_attr/releases/tag/v0.15.3