Improper Resource Shutdown or Release

CVE-2021-4250

High

7.5/10

Summary

A vulnerability classified as problematic has been found in cgriego active_attr through 0.15.2. This affects the function "call" of the file "lib/active_attr/typecasting/boolean_typecaster.rb" of the component Regex Handler. The manipulation of the argument value leads to denial of service. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-404 - Improper Resource Shutdown or Release

The program does not release or incorrectly releases a resource before it is made available for re-use.

References

Advisory
Issue
Pull request

Advisory Timeline

Published Dec 18, 2022

Improper Resource Shutdown or Release

CVE-2021-4250

Summary

CWE-404 - Improper Resource Shutdown or Release

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS