SUSE:SLE-15-SP4:Update
File 0007-CVE-2023-22795.patch of Package rubygem-actionpack-5_1
From 8dc45950619a4c64d16fb9370570c996d201f9b0 Mon Sep 17 00:00:00 2001 From: John Hawthorn <john@hawthorn.email> Date: Fri, 13 Jan 2023 15:54:40 -0800 Subject: [PATCH] Avoid regex backtracking on If-None-Match header [CVE-2023-22795] --- actionpack/lib/action_dispatch/http/cache.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actionpack/lib/action_dispatch/http/cache.rb b/actionpack/lib/action_dispatch/http/cache.rb index 9c46c5c8a4..d9d6f32534 100644 --- a/actionpack/lib/action_dispatch/http/cache.rb +++ b/actionpack/lib/action_dispatch/http/cache.rb @@ -18,7 +18,7 @@ def if_none_match end def if_none_match_etags - if_none_match ? if_none_match.split(/\s*,\s*/) : [] + if_none_match ? if_none_match.split(",").each(&:strip!) : [] end def not_modified?(modified_at) -- 2.35.1
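Review bot: The replacement line in if_none_match_etags, `if_none_match.split(",").each(&:strip!)`, depends on `each` returning its receiver and on `strip!` mutating every element in place, which is easy to misread and fragile under refactoring: swapping `each` for `map` would yield `nil` for any element that needed no stripping. `if_none_match.split(",").map(&:strip)` gives the same array contents without relying on side effects. The diffstat lists only cache.rb, so no regression test accompanies the fix; a test that passes a whitespace-heavy If-None-Match value and checks the parsed ETags, plus a short comment on the line saying the literal-string split is deliberate, would keep the `/\s*,\s*/` pattern from being reintroduced in a later cleanup.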