How severe is CVE-2024-41128?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-41128?

This is classified as CWE-770, which is a common weakness in software security.

CVE-2024-41128 - MEDIUM Severity | CVSS N/A

Vulnerability Description

Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to version 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may use Ruby 3.2 as a workaround. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.

Related Vulnerabilities

CVE-2018-20033

CRITICAL

CVSS:9.8(Critical)

A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deall...

CWE-7702018

CVE-2019-17067

CRITICAL

CVSS:9.8(Critical)

PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.

CWE-7702019

CVE-2023-25156

CRITICAL

CVSS:9.8(Critical)

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrad...

CWE-7702023

CVE-2023-38507

CRITICAL

CVSS:9.8(Critical)

Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. The...

CWE-7702023

CVE-2024-44241

CRITICAL

CVSS:9.8(Critical)

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP ...

CWE-7702024

CVE-2021-41591

CRITICAL

CVSS:9.4(Critical)

ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure.

CWE-7702021