Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
No build reason found for pool-leap-15.4:aarch64
SUSE:SLE-12-SP3:GA
rubygem-rack
rubygem-rack-CVE-2024-26146.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File rubygem-rack-CVE-2024-26146.patch of Package rubygem-rack
From 30b8e39a578b25d4bdcc082c1c52c6f164b59716 Mon Sep 17 00:00:00 2001 From: Aaron Patterson <tenderlove@ruby-lang.org> Date: Wed, 21 Feb 2024 11:05:06 -0800 Subject: [PATCH] Fixing ReDoS in header parsing Thanks svalkanov [CVE-2024-26146] --- lib/rack/utils.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Index: rack-1.6.13/lib/rack/utils.rb =================================================================== --- rack-1.6.13.orig/lib/rack/utils.rb +++ rack-1.6.13/lib/rack/utils.rb @@ -203,8 +203,8 @@ module Rack module_function :build_nested_query def q_values(q_value_header) - q_value_header.to_s.split(/\s*,\s*/).map do |part| - value, parameters = part.split(/\s*;\s*/, 2) + q_value_header.to_s.split(',').map do |part| + value, parameters = part.split(';', 2).map(&:strip) quality = 1.0 if md = /\Aq=([\d.]+)/.match(parameters) quality = md[1].to_f
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
