actionpack/test/dispatch/mime_type_test.rb · cc359c077fadc619dd4d098a3639b6eab22d6a06 · Rails relative code / rails-deleted-2

Mar 27, 2021

Prevent catastrophic backtracking during mime parsing · b61b9418

Security Curious authored Mar 27, 2021

The regular expression used to parse the mime type can results in
catastrophic backtracking[1] allowing for a ReDOS attack[2].

This commit uses atomic grouping[3] to prevent backtracking.

1. https://www.regular-expressions.info/catastrophic.html
2. https://en.wikipedia.org/wiki/ReDoS
3. https://www.regular-expressions.info/atomic.html

[CVE-2021-22902]

b61b9418

Prevent catastrophic backtracking during mime parsing

Security Curious authored Mar 27, 2021

The regular expression used to parse the mime type can results in
catastrophic backtracking[1] allowing for a ReDOS attack[2].

This commit uses atomic grouping[3] to prevent backtracking.

1. https://www.regular-expressions.info/catastrophic.html
2. https://en.wikipedia.org/wiki/ReDoS
3. https://www.regular-expressions.info/atomic.html

[CVE-2021-22902]