Inefficient regular expression complexity in Action Mailer

#VU99670 Inefficient regular expression complexity in Action Mailer

Published: 2024-11-04

Vulnerability identifier: #VU99670

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47889

CWE-ID: CWE-1333

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Action Mailer
Universal components / Libraries / Programming Languages & Components

Vendor: Rails

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions in the block_format helper. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Action Mailer: 3.0.0 - 7.2.1

External links
http://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6
http://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94
http://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3
http://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9
http://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for rubygem-actionmailer-5_1

Denial of service in Action Mailer