Vulnerability Details: CVE-2021-4250
A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.2. It affects the function call in the file lib/active_attr/typecasting/boolean_typecaster.rb of the component Regex Handler. Manipulation of the argument value leads to denial of service. The exploit has been disclosed to the public and may be used. Upgrading to version 0.15.3 addresses this issue. The name of the patch is dab95e5843b01525444b82bd7b336ef1d79377df. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216207.
Vulnerability category: Denial of service
Products affected by CVE-2021-4250
- cpe:2.3:a:active_attr_project:active_attr:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-4250
0.27%: Probability of exploitation activity in the next 30 days
~ 67 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-4250
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 2.1 | 1.4 | VulDB | |
3.5 | LOW | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 2.1 | 1.4 | VulDB | 2024-02-29 |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2021-4250
- The product does not release or incorrectly releases a resource before it is made available for re-use. Assigned by: cna@vuldb.com (Primary)
References for CVE-2021-4250
- https://github.com/cgriego/active_attr/issues/184
  ReDoS vulnerability in ActiveAttr::Typecasting::BooleanTypecaster#call · Issue #184 · cgriego/active_attr · GitHub (Exploit; Issue Tracking; Patch; Third Party Advisory)
- https://vuldb.com/?id.216207
  CVE-2021-4250 | cgriego active_attr Regex boolean_typecaster.rb call denial of service (Third Party Advisory)
- https://github.com/cgriego/active_attr/pull/185
  fix ReDoS vulnerability by wonda-tea-coffee · Pull Request #185 · cgriego/active_attr · GitHub (Patch; Third Party Advisory)
- https://github.com/cgriego/active_attr/releases/tag/v0.15.3
  Release v0.15.3 · cgriego/active_attr · GitHub (Release Notes; Third Party Advisory)
- https://github.com/cgriego/active_attr/commit/dab95e5843b01525444b82bd7b336ef1d79377df
  fix ReDoS vulnerability (#185) · cgriego/active_attr@dab95e5 · GitHub (Patch; Third Party Advisory)