CVE-2024-47889

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47889
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47889.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-47889
Aliases
Downstream
Related
Published
2024-10-16T20:55:33Z
Modified
2025-10-09T18:06:39.979813Z
Severity
  • 6.6 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U CVSS Calculator
Summary
Action Mailer has possible ReDoS vulnerability in block_format
Details

Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the blockformat helper in Action Mailer. Carefully crafted text can cause the blockformat helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. As a workaround, users can avoid calling the block_format helper or upgrade to Ruby 3.2. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected.

References

Affected packages

Git / github.com/rails/rails

Affected ranges

Type
GIT
Repo
https://github.com/rails/rails
Events
Introduced
9891ca89c69732a21743f0349f2995956a7802e7
Fixed
b2fbbfbcaa3d662c68a9ee21ab6cf95eccc2b4ec
Type
GIT
Repo
https://github.com/rails/rails
Events
Introduced
984c3ef2775781d47efa9f541ce570daa2434a80
Fixed
f61f4ef957f80e1668797fce8a2393f3edb7ed76
Type
GIT
Repo
https://github.com/rails/rails
Events
Introduced
d39db5d1891f7509cde2efc425c9d69bbb77e670
Fixed
5b5f0da552f62e85e31e2d747d52aed2a3133f48
Type
GIT
Repo
https://github.com/rails/rails
Events
Introduced
fb6c4305939da06efdf2893d99130e7829c53e8b
Fixed
a1f6a13f691e0929d40b7e1b1e0d31aa69778128
Type
GIT
Repo
https://github.com/rails/rails
Events
Introduced
9891ca89c69732a21743f0349f2995956a7802e7
Fixed
b2fbbfbcaa3d662c68a9ee21ab6cf95eccc2b4ec
Type
GIT
Repo
https://github.com/rails/rails
Events
Introduced
984c3ef2775781d47efa9f541ce570daa2434a80
Fixed
f61f4ef957f80e1668797fce8a2393f3edb7ed76
Type
GIT
Repo
https://github.com/rails/rails
Events
Introduced
d39db5d1891f7509cde2efc425c9d69bbb77e670
Fixed
5b5f0da552f62e85e31e2d747d52aed2a3133f48
Type
GIT
Repo
https://github.com/rails/rails
Events
Introduced
fb6c4305939da06efdf2893d99130e7829c53e8b
Fixed
a1f6a13f691e0929d40b7e1b1e0d31aa69778128

Affected versions

v7.*

v7.0.0
v7.0.1
v7.0.2
v7.0.2.1
v7.0.2.2
v7.0.2.3
v7.0.2.4
v7.0.3
v7.0.3.1
v7.0.4
v7.0.4.1
v7.0.4.2
v7.0.4.3
v7.0.5
v7.0.5.1
v7.0.6
v7.0.7
v7.0.7.1
v7.0.7.2
v7.0.8
v7.0.8.1
v7.0.8.2
v7.0.8.3
v7.0.8.4
v7.1.0
v7.1.1
v7.1.2
v7.1.3
v7.1.3.1
v7.1.3.2
v7.1.3.3
v7.1.3.4
v7.1.4
v7.2.0
v7.2.1