Possible ReDoS Vulnerability in Action Mailer's Block Format Helper
CVE-2024-47889

Currently unrated

Key Information:

Vendor

Rails

Status
Vendor
CVE Published:
16 October 2024

What is CVE-2024-47889?

A ReDoS (Regular Expression Denial of Service) vulnerability exists in the block_format helper of the Action Mailer framework, affecting Rails from version 3.0.0 up to, but not including, the fixed releases listed below. An attacker who can supply specially crafted input to this helper can cause the regular expression engine to spend a disproportionate amount of time on the match, tying up the process and resulting in a Denial of Service. Users of affected versions should upgrade to the fixed releases or apply the corresponding patches. Alternatively, running on Ruby 3.2 or later, which includes mitigations for this class of issue, reduces the impact of such inputs.

Affected Version(s)

rails >= 3.0.0, < 6.1.7.9 (unaffected: < 3.0.0; fixed in 6.1.7.9)

rails >= 7.0.0, < 7.0.8.5 (unaffected: < 7.0.0; fixed in 7.0.8.5)

rails >= 7.1.0, < 7.1.4.1 (unaffected: < 7.1.0; fixed in 7.1.4.1)

References

Timeline

  • Vulnerability published
