Package details: pkg:rpm/redhat/rubygem-actionpack@6.1.7.3-1?arch=el8sat
purl pkg:rpm/redhat/rubygem-actionpack@6.1.7.3-1?arch=el8sat
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.4
Vulnerabilities affecting this package (2)
Vulnerability: VCID-63gy-6njy-kbd8
Aliases: CVE-2023-22792, GHSA-p84v-45xj-wwqj, GMS-2023-58
Summary: ReDoS based DoS vulnerability in Action Dispatch. There is a possible regular expression based DoS vulnerability in Action Dispatch. Specially crafted cookies, in combination with a specially crafted `X_FORWARDED_HOST` header, can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.
Fixed by: There are no reported fixed by versions.

Vulnerability: VCID-hppf-a715-r7b2
Aliases: CVE-2023-22795, GHSA-8xww-x3g3-6jcv, GMS-2023-56
Summary: ReDoS based DoS vulnerability in Action Dispatch. There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.
Fixed by: There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-04-01T13:55:40.566565+00:00 | RedHat Importer | Affected by | VCID-63gy-6njy-kbd8 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json | 38.0.0 |
| 2026-04-01T13:55:40.542272+00:00 | RedHat Importer | Affected by | VCID-hppf-a715-r7b2 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json | 38.0.0 |