发布于3月6日3月6日 Members SUSE: CVE-2023-22792: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/28/2025 Description A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. Solution(s) suse-upgrade-ruby2-5-rubygem-actionpack-5_1 suse-upgrade-ruby2-5-rubygem-actionpack-doc-5_1 References https://attackerkb.com/topics/cve-2023-22792 CVE - 2023-22792 DSA-5372
