Description
The actionpack Ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, and 5.2.6 suffers from a possible denial-of-service vulnerability in the Token Authentication logic in Action Controller, caused by an overly permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.
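A triage check for the two conditions in the description, a locked actionpack version below the fixed releases and use of the named helpers. This is an added example, not code from the advisory or from Rails. The lockfile and controller text are constructed samples, and the per-branch reading of the fixed versions is an assumption.

```ruby
require "rubygems"

# Helper methods named in the description as the impacted entry points.
HELPERS = /\bauthenticate_(?:or_request_)?with_http_token\b/

# Assumption: each fixed release listed in the description patches its own
# release line (5.2.4.x, 5.2.x, 6.0.x, 6.1.x); anything older counts as affected.
def patched?(version)
  v = Gem::Version.new(version)
  fixed = ->(s) { v >= Gem::Version.new(s) }
  case v.segments.first(2)
  when [5, 2] then fixed["5.2.6"] || (fixed["5.2.4.6"] && v < Gem::Version.new("5.2.5"))
  when [6, 0] then fixed["6.0.3.7"]
  else fixed["6.1.3.2"]
  end
end

# Resolved gems sit at four spaces of indent in Gemfile.lock; dependency
# constraints such as "actionpack (= 6.1.3.1)" are indented deeper and skipped.
def locked_actionpack(lockfile_text)
  lockfile_text[/^ {4}actionpack \((\d[^)]*)\)$/, 1]
end

# Returns "path:line" for every line that calls one of the helpers.
def helper_uses(sources)
  sources.flat_map do |path, text|
    text.each_line.with_index(1).select { |line, _| line =~ HELPERS }
        .map { |_, n| "#{path}:#{n}" }
  end
end

def triage(lockfile_text, sources)
  version = locked_actionpack(lockfile_text)
  uses = helper_uses(sources)
  exposed = !version.nil? && !patched?(version) && uses.any?
  { version: version, uses: uses, exposed: exposed }
end

# Constructed sample input (not taken from a real project).
SAMPLE_LOCK = "GEM\n  specs:\n    actionpack (6.1.3.1)\n    rails (6.1.3.1)\n" \
              "      actionpack (= 6.1.3.1)\n"
SAMPLE_SOURCES = {
  "app/controllers/api_controller.rb" =>
    "class ApiController < ActionController::API\n  before_action :check\n" \
    "  def check\n    authenticate_or_request_with_http_token { |t, _| ApiKey.valid?(t) }\n" \
    "  end\nend\n"
}

p triage(SAMPLE_LOCK, SAMPLE_SOURCES)
```

An application is flagged as exposed only when both conditions hold; a patched version with helper usage, or an unpatched version without it, reports `exposed: false`.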
Remediation
References
Related Vulnerabilities
WebLogic CVE-2017-10178 Vulnerability (CVE-2017-10178)
CubeCart Improper Input Validation Vulnerability (CVE-2012-0865)
Artifactory Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-10036)
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.7)
WordPress Plugin BuddyPress Multiple Vulnerabilities (5.1.2)