Description
A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.
Remediation
References
Related Vulnerabilities
IBM RTC Improper Restriction of XML External Entity Reference Vulnerability (CVE-2016-9707)
IBM RTC Improper Restriction of XML External Entity Reference Vulnerability (CVE-2016-0284)
WordPress Plugin WP Print Friendly Security Bypass (0.5.2)
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7330)