Commit e4c1177
Fixing ReDoS in header parsing
Thanks svalkanov [CVE-2024-26146]
1 parent f169ff7 commit e4c1177

1 file changed: +2 -2 lines changed
lib/rack/utils.rb
@@ -142,8 +142,8 @@ def build_nested_query(value, prefix = nil)
142142
end
143143

144144
def q_values(q_value_header)
145-
q_value_header.to_s.split(/\s*,\s*/).map do |part|
146-
value, parameters = part.split(/\s*;\s*/, 2)
145+
q_value_header.to_s.split(',').map do |part|
146+
value, parameters = part.split(';', 2).map(&:strip)
147147
quality = 1.0
148148
if parameters && (md = /\Aq=([\d.]+)/.match(parameters))
149149
quality = md[1].to_f
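Review bot: no regression test accompanies the fix (only `lib/rack/utils.rb` changes in this commit), so nothing guards against the `\s*,\s*` / `\s*;\s*` split patterns being reintroduced; suggest adding a spec that calls `q_values` with a header built from a long run of spaces in front of a `,` (for example `"text/html" + " " * 100_000 + ",text/plain"`) and asserts it returns promptly. The replacement `split(',')` / `split(';', 2)` followed by `map(&:strip)` is linear in the header length, and the regex on the unchanged line, `/\Aq=([\d.]+)/`, is anchored with `\A` and has a single greedy class, so it does not need the same treatment. One small behaviour change worth a note in the commit message: `value` is now stripped too, so leading whitespace on the first part (which the old `split(/\s*,\s*/)` left in place) no longer passes through; an empty part still yields `[]` from `split`, leaving `value` and `parameters` as `nil` exactly as before.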

0 commit comments