CVE-2021-22880 in Ruby on Rails and Fedora Project Products
Published on February 11, 2021
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.
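A ReDoS in a type cast is mitigated by never letting unbounded user input reach the expensive regex. The following is an added example, not Rails' own code: a guard that caps input length and accepts only the money spellings an application actually expects, applied (for instance from a model validation) before the value is handed to the adapter. The length limit, pattern and accepted formats are assumptions chosen for illustration.

```ruby
# Added example (not Active Record code): bound the work any downstream
# regex can do by capping length first, then match with a pattern that has
# no nested or overlapping quantifiers, so matching is linear in the input.
module MoneyInputGuard
  # Assumed upper bound: no legitimate money value needs more characters.
  MAX_LENGTH = 32

  # Optional "-" or accounting "(" prefix, optional "$", digits with optional
  # thousands separators, optional one- or two-digit fraction, optional ")".
  PATTERN = /\A(?<neg>-|\()?\$?(?<int>\d{1,3}(?:,\d{3})*|\d+)(?:\.(?<frac>\d{1,2}))?\)?\z/

  # Returns a normalized decimal string such as "-1234.50", or nil when the
  # input must be rejected before any database-side parsing takes place.
  def self.sanitize(raw)
    return nil unless raw.is_a?(String)
    s = raw.strip
    # Reject oversized input before running any regular expression at all.
    return nil if s.empty? || s.length > MAX_LENGTH
    m = PATTERN.match(s)
    return nil unless m
    # Accounting parentheses must be balanced: "(4.50)" is negative,
    # "(4.50" and "4.50)" are malformed.
    opened = m[:neg] == "("
    closed = s.end_with?(")")
    return nil if opened != closed
    int  = m[:int].delete(",")
    frac = (m[:frac] || "0").ljust(2, "0")
    sign = m[:neg] ? "-" : ""
    "#{sign}#{int}.#{frac}"
  end
end
```

The returned string is what should be assigned to the money column; a nil result means the request should fail validation instead of reaching the adapter's cast.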
Weakness Type
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2021-22880 has been classified as a Resource Exhaustion vulnerability or weakness.
Exploit Probability
EPSS score: 2.46% (percentile: 84.89%)
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.