rubyonrails rails CVE-2021-22880 in Ruby on Rails and Fedora Project Products
Published on February 11, 2021

product logo product logo
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2021-22880 has been classified to as a Resource Exhaustion vulnerability or weakness.


Products Associated with CVE-2021-22880

stack.watch emails you whenever new vulnerabilities are published in Ruby on Rails Rails or Fedora Project Fedora. Just hit a watch button to start following.

Ruby on Rails Rails
 
Fedora Project Fedora
 

Exploit Probability

EPSS
2.46%
Percentile
85.00%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.