CVE-2024-47887
ReDoS vulnerability in actionpack (RubyGems)
What is CVE-2024-47887 About?
This is a ReDoS (Regular Expression Denial of Service) vulnerability in Action Controller's HTTP Token authentication. A specially crafted HTTP header can cause excessive processing time during header parsing, potentially leading to a Denial of Service (DoS). The impact can be significant; exploitation is of medium-to-high difficulty because a specifically crafted input is required.
Affected Software
- actionpack
  - >=4.0.0, <6.1.7.9
  - >=7.0.0, <7.0.8.5
  - >=7.1.0, <7.1.4.1
  - >=7.2.0, <7.2.1.1
Technical Details
The vulnerability resides in Action Controller's HTTP Token authentication mechanism, specifically in authenticate_or_request_with_http_token or similar functions. The core issue is a regular expression used to process HTTP headers. A carefully crafted header containing specific patterns can trigger catastrophic backtracking in the regular expression engine, so that parsing consumes a disproportionately large amount of CPU time, growing exponentially with the size or complexity of the input. If enough such requests are sent, or even a single sufficiently complex one, the application server can become unresponsive and legitimate requests are blocked, producing a Denial of Service condition.
What is the Impact of CVE-2024-47887?
Successful exploitation may allow attackers to disrupt service availability, causing applications to become unresponsive or crash, leading to a Denial of Service for legitimate users.
What is the Exploitability of CVE-2024-47887?
Exploitation requires crafting a malicious HTTP header and sending it to an application that uses HTTP Token authentication. The complexity is moderate, since it involves understanding the underlying regular expression implementation. No authentication is required if the token-authenticated endpoint is publicly reachable, so the attack can be carried out remotely, and no privileges beyond the ability to make a network request are needed. The primary constraint is the attacker's ability to construct a header that triggers the ReDoS. Risk is higher when applications do not validate or sanitize HTTP header inputs before they reach the vulnerable regex patterns.
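The Technical Details and Exploitability sections above both come down to one defensive point: header text should be bounded and time-boxed before it reaches a backtracking-prone regex, and patterns should be checked for linear-time behaviour at review time. The following is an added example written for this page, not Rails' code. The two regexes are a deliberately simplified, illustrative Token grammar, not the Action Controller pattern at issue; the byte cap, the time budget and the function names are assumptions.

```ruby
require "timeout"

# Added example (not Rails' code): bound and time-box Authorization header
# parsing so a pathological header cannot monopolise a worker.
# The two regexes below are a simplified, illustrative Token grammar,
# NOT the Action Controller pattern at issue in CVE-2024-47887.
MAX_AUTH_HEADER_BYTES = 1024   # assumed cap; real tokens are far shorter
MATCH_BUDGET_SECONDS  = 0.05   # assumed per-request matching budget

TOKEN_HEADER = /\A\s*Token\s+(?<params>.*)\z/i   # e.g. Token token="abc", realm="api"
PAIR         = /\A\s*(?<key>[\w.-]+)\s*=\s*"?(?<value>[^"]*)"?\s*\z/

# Runs the block under a regex-matching time budget. Ruby >= 3.2 has an
# engine-level Regexp.timeout; older Rubies fall back to Timeout.timeout,
# which works because the regex engine checks for interrupts while matching.
# Returns the block's value, or :timeout if the budget was exceeded.
def with_regex_budget(seconds)
  if Regexp.respond_to?(:timeout=)
    previous = Regexp.timeout
    begin
      Regexp.timeout = seconds
      yield
    rescue Regexp::TimeoutError
      :timeout
    ensure
      Regexp.timeout = previous
    end
  else
    begin
      Timeout.timeout(seconds) { yield }
    rescue Timeout::Error
      :timeout
    end
  end
end

# Parses an Authorization header value into { params: {...} } or { error: sym }.
# Length is checked first, so an oversized header never reaches a regex.
def parse_token_header(header)
  return { error: :missing }  if header.nil? || header.strip.empty?
  return { error: :too_long } if header.bytesize > MAX_AUTH_HEADER_BYTES

  result = with_regex_budget(MATCH_BUDGET_SECONDS) do
    m = TOKEN_HEADER.match(header)
    if m
      pairs = m[:params].split(",").map { |pair| PAIR.match(pair) }
      if pairs.all?
        { params: pairs.to_h { |pm| [pm[:key].downcase, pm[:value]] } }
      else
        { error: :malformed_pair }
      end
    else
      { error: :not_token_scheme }
    end
  end
  result == :timeout ? { error: :timeout } : result
end

# Review-time check: Ruby >= 3.2 can report whether a pattern is guaranteed
# to match in linear time. Returns nil where the check is unavailable.
def patterns_linear_time?(*patterns)
  return nil unless Regexp.respond_to?(:linear_time?)
  patterns.all? { |re| Regexp.linear_time?(re) }
end

if __FILE__ == $PROGRAM_NAME
  p parse_token_header('Token token="abc123", realm="api"')
  p parse_token_header("Token " + ("x" * 2000))
  p patterns_linear_time?(TOKEN_HEADER, PAIR)
end
```

In a real middleware the `:too_long` and `:timeout` errors would map to a 400 response rather than a 500, so the request is dropped cheaply and the event can be logged for detection. `Regexp.timeout=` is process-global; in a multi-threaded server a per-pattern budget via `Regexp.new(source, timeout: seconds)` is the tidier choice. None of this replaces upgrading actionpack; it limits blast radius while the upgrade is scheduled.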
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2024-47887?
Available Upgrade Options
- actionpack
  - >=4.0.0, <6.1.7.9 → Upgrade to 6.1.7.9
  - >=7.0.0, <7.0.8.5 → Upgrade to 7.0.8.5
  - >=7.1.0, <7.1.4.1 → Upgrade to 7.1.4.1
  - >=7.2.0, <7.2.1.1 → Upgrade to 7.2.1.1
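Checking an application against the affected ranges and fixed releases listed above is easy to get wrong by eye (7.0.8.5 is fixed, 7.1.3.4 is not). The following is an added example written for this page, not Rails' or RubyGems' own tooling: it encodes the page's ranges with `Gem::Requirement`, reads the resolved actionpack version out of a `Gemfile.lock`, and reports the release to upgrade to. The lockfile regex and the constructed sample lockfile are assumptions of this example.

```ruby
require "rubygems"   # Gem::Version and Gem::Requirement ship with Ruby

# Added example (not Rails' or RubyGems' own tooling): decide whether a
# locked actionpack version falls in an affected range for CVE-2024-47887
# and which fixed release to move to. Ranges are the ones listed on this page.
ACTIONPACK_FIXES = [
  { affected: [">= 4.0.0", "< 6.1.7.9"], upgrade_to: "6.1.7.9" },
  { affected: [">= 7.0.0", "< 7.0.8.5"], upgrade_to: "7.0.8.5" },
  { affected: [">= 7.1.0", "< 7.1.4.1"], upgrade_to: "7.1.4.1" },
  { affected: [">= 7.2.0", "< 7.2.1.1"], upgrade_to: "7.2.1.1" },
].freeze

# Returns the fixed version to upgrade to, or nil if +version_string+ is
# outside every affected range (already patched, or older than 4.0.0).
def actionpack_fix_for(version_string)
  version = Gem::Version.new(version_string)
  entry = ACTIONPACK_FIXES.find do |fix|
    Gem::Requirement.new(*fix[:affected]).satisfied_by?(version)
  end
  entry && entry[:upgrade_to]
end

# Extracts the resolved actionpack version from Gemfile.lock text. A resolved
# gem sits exactly four spaces deep under "specs:"; its own dependency lines
# are indented further, so the exact indent skips them. (Assumed layout.)
def locked_actionpack_version(lockfile_text)
  m = lockfile_text.match(/^ {4}actionpack \(([^)]+)\)$/)
  m && m[1]
end

# Summarises a lockfile as :not_present, :ok or :vulnerable (with upgrade target).
def check_lockfile(lockfile_text)
  version = locked_actionpack_version(lockfile_text)
  return { status: :not_present } unless version
  fix = actionpack_fix_for(version)
  if fix
    { status: :vulnerable, version: version, upgrade_to: fix }
  else
    { status: :ok, version: version }
  end
end

# Constructed sample lockfile fragment (not from any real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (7.1.3.4)
        actionview (= 7.1.3.4)
        activesupport (= 7.1.3.4)
      rack (3.0.11)
LOCK

if __FILE__ == $PROGRAM_NAME
  p check_lockfile(SAMPLE_LOCKFILE)
  p check_lockfile(File.read("Gemfile.lock")) if File.exist?("Gemfile.lock")
end
```

Run it from an application root to check the real `Gemfile.lock`; a `:vulnerable` result names the smallest fixed release in the same series, which is the lowest-risk upgrade path. Versions below 4.0.0 and pre-release versions before the first affected release come back as `:ok` because they fall outside every listed range.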
Additional Resources
- https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a
- https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049
- https://osv.dev/vulnerability/GHSA-vfg9-r3fq-jvx4
- https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml
- https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2
- https://github.com/rails/rails
- https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545
What are Similar Vulnerabilities to CVE-2024-47887?
Similar Vulnerabilities: CVE-2024-41128, CVE-2023-26116, CVE-2023-37903, CVE-2023-38039, CVE-2023-41006
