CVE-2024-47888
ReDoS vulnerability in actiontext (RubyGems)
What is CVE-2024-47888 About?
This ReDoS vulnerability in Action Text's `plain_text_for_blockquote_node` helper can cause a Denial of Service. Carefully crafted text can trigger excessive processing time, consuming significant CPU resources. Exploitation is relatively easy for an attacker who can provide input to this helper.
Affected Software
- actiontext
  - >=6.0.0, <6.1.7.9
  - >=7.0.0, <7.0.8.5
  - >=7.1.0, <7.1.4.1
  - >=7.2.0, <7.2.1.1
Technical Details
The vulnerability is a Regular Expression Denial of Service (ReDoS) in the `plain_text_for_blockquote_node` helper in Action Text. It stems from an inefficient regular expression used within this helper. When presented with specially crafted input text containing particular patterns, the regular expression enters a state of excessive backtracking, so the regex engine takes an exponential amount of time to process the input, driving up CPU utilization and processing time. This prolonged processing ties up the application's resources, resulting in a denial-of-service condition for the server. Applications running on Ruby 3.2 or newer are unaffected due to regex-matching mitigations introduced in those Ruby versions.
What is the Impact of CVE-2024-47888?
Successful exploitation may allow attackers to cause a denial of service, making the affected application or system unavailable to legitimate users.
What is the Exploitability of CVE-2024-47888?
Exploitation is of low complexity and can be triggered by a remote attacker supplying carefully crafted text input that reaches the `plain_text_for_blockquote_node` helper. There are no specific authentication or privilege requirements, as long as the attacker can submit content that is processed by this helper. The attack is remote and does not require local access. Special conditions are that the application uses Action Text and the vulnerable `plain_text_for_blockquote_node` helper. Applications not running Ruby 3.2 or newer are at higher risk. The primary risk factor is the public availability of input fields processed by the vulnerable helper.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2024-47888?
Available Upgrade Options
- actiontext
  - >=6.0.0, <6.1.7.9 → Upgrade to 6.1.7.9
  - >=7.0.0, <7.0.8.5 → Upgrade to 7.0.8.5
  - >=7.1.0, <7.1.4.1 → Upgrade to 7.1.4.1
  - >=7.2.0, <7.2.1.1 → Upgrade to 7.2.1.1
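The following is an added example, not code from this advisory or from the Rails project. It turns the affected ranges and upgrade targets listed above into a check a practitioner can run against a Gemfile.lock, using only RubyGems' own `Gem::Version` and `Gem::Requirement` classes, and it applies the advisory's statement that Ruby 3.2 or newer is not affected. The lock file contents, the function names and the `:mitigated_by_ruby` result label are assumptions made for the example.

```ruby
# Added example (not from the advisory or the Rails project): map an installed
# actiontext version to the fixed release named in this advisory, taking the
# Ruby 3.2+ mitigation into account. Uses only RubyGems' version classes.
require "rubygems"

# Affected ranges and their fixed releases, copied from the advisory above.
AFFECTED_RANGES = [
  [Gem::Requirement.new(">= 6.0.0", "< 6.1.7.9"), "6.1.7.9"],
  [Gem::Requirement.new(">= 7.0.0", "< 7.0.8.5"), "7.0.8.5"],
  [Gem::Requirement.new(">= 7.1.0", "< 7.1.4.1"), "7.1.4.1"],
  [Gem::Requirement.new(">= 7.2.0", "< 7.2.1.1"), "7.2.1.1"],
].freeze

# Returns the release the given actiontext version should be upgraded to,
# or nil when the version lies outside every affected range.
def actiontext_fix_for(version_string)
  version = Gem::Version.new(version_string)
  AFFECTED_RANGES.each do |requirement, fixed|
    return fixed if requirement.satisfied_by?(version)
  end
  nil
end

# The advisory states that applications on Ruby 3.2 or newer are unaffected,
# so the gem range alone overstates exposure on those runtimes.
def ruby_mitigated?(ruby_version_string = RUBY_VERSION)
  Gem::Version.new(ruby_version_string) >= Gem::Version.new("3.2.0")
end

# Combined assessment. Returns :not_affected, [:mitigated_by_ruby, fix] or
# [:upgrade, fix]; the fix is kept in the mitigated case so the upgrade can
# still be scheduled (hypothetical labels chosen for this example).
def assess(actiontext_version, ruby_version = RUBY_VERSION)
  fix = actiontext_fix_for(actiontext_version)
  return :not_affected if fix.nil?
  return [:mitigated_by_ruby, fix] if ruby_mitigated?(ruby_version)
  [:upgrade, fix]
end

# Pulls the actiontext version out of Gemfile.lock text. The pattern is
# anchored and linear, so it is itself safe to run on untrusted input.
def actiontext_version_from_lock(lock_text)
  match = lock_text.match(/^\s+actiontext \(([^)]+)\)/)
  match && match[1]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed Gemfile.lock excerpt for the example; not a real project.
  sample_lock = <<~LOCK
    GEM
      specs:
        actionpack (7.1.3)
        actiontext (7.1.3)
  LOCK
  version = actiontext_version_from_lock(sample_lock)
  puts "actiontext #{version} on Ruby 3.1.4: #{assess(version, "3.1.4").inspect}"
  puts "actiontext #{version} on Ruby 3.3.0: #{assess(version, "3.3.0").inspect}"
end
```

Running it against a real lock file means passing `File.read("Gemfile.lock")` to `actiontext_version_from_lock`; the exact upper bounds matter, since `6.1.7.9` itself is the first fixed release in its series and is correctly reported as not affected.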
Additional Resources
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-47888.yml
- https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e
- https://osv.dev/vulnerability/GHSA-wwhv-wxv9-rpgw
- https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468
- https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw
- https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822
- https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5
What are Similar Vulnerabilities to CVE-2024-47888?
Similar Vulnerabilities: CVE-2022-23517, CVE-2023-22797, CVE-2023-23912, CVE-2023-3806, CVE-2023-45543
