5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-25126

GHSA ID

GHSA-22f2-v57c-j9cx

EPSS Score

0.55562%

CWE

CWE-1333

Published

2/28/2024

Updated

6/10/2024

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-25126

CVE-2024-25126: Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)

Summary

module Rack
  class MediaType
    SPLIT_PATTERN = %r{\s*[;,]\s*}

The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split.

PoC

A simple HTTP request with lots of blank characters in the content-type header:

request["Content-Type"] = (" " * 50_000) + "a,"

Impact

It's a very easy to craft ReDoS. Like all ReDoS the impact is debatable.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-25126

CVE-2024-25126:

5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-25126

GHSA ID

GHSA-22f2-v57c-j9cx

EPSS Score

0.55562%

CWE

CWE-1333

Published

2/28/2024

Updated

6/10/2024

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
rack	rubygems	>= 3.0.0, < 3.0.9.1	3.0.9.1
rack	rubygems	>= 0.4, < 2.2.8.1	2.2.8.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the SPLIT_PATTERN regex (%r{\s*[;,]\s*}) used in MediaType class methods. Both type() and params() methods utilize this regex for splitting operations. The regex's \s* quantifiers on both sides of [;,] create a 2nd degree polynomial ReDoS vulnerability when processing inputs with long whitespace prefixes. The commit patching this vulnerability specifically modifies these two methods to use a simpler regex and handle whitespace stripping manually, confirming their involvement in the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-25126: Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)

Summary

PoC

Impact

CVE-2024-25126:

5.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

5.3

5.3

CVE-2024-25126: Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)

Summary

PoC

Impact

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI