How severe is CVE-2024-39316?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-39316?

This is classified as CWE-1333, which is a common weakness in software security.

CVE-2024-39316

MEDIUM Year: 2024

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-1333

View all →

Vulnerability Description

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service (ReDoS) vulnerability exists in the `Rack::Request::Helpers` module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted `Accept-Encoding` or `Accept-Language` headers, causing the server to spend excessive time processing the request and leading to a Denial of Service (DoS). The fix for CVE-2024-26146 was not applied to the main branch and thus while the issue was fixed for the Rack v3.0 release series, it was not fixed in the v3.1 release series until v3.1.5. Users of versions on the 3.1 branch should upgrade to version 3.1.5 to receive the fix.

CVE-2019-16215

MEDIUM

CVSS:6.5(Medium)

The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server ...

CWE-13332019

CVE-2021-25292

MEDIUM

CVSS:6.5(Medium)

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

CWE-13332021

CVE-2021-39933

MEDIUM

CVSS:6.5(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A r...

CWE-13332021

CVE-2021-39940

MEDIUM

CVSS:6.5(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitL...

CWE-13332021

CVE-2021-4437

MEDIUM

CVSS:6.5(Medium)

A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages...

CWE-13332021

CVE-2021-46823

MEDIUM

CVSS:6.5(Medium)

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP sche...

CWE-13332021

CVE-2024-39316

Vulnerability Description

Related Vulnerabilities

CVE-2019-16215

CVE-2021-25292

CVE-2021-39933

CVE-2021-39940

CVE-2021-4437

CVE-2021-46823