CVE-2021-22880 - AskarLabs CVE Database

CVE-2021-22880

Vendor N/A

Product https://github.com/rails/rails

Weakness CWE-400

Published February 11, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.

Key dates

02Disclosure timeline

February 11, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-22880 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/400.html

Related vulnerabilities

04Related CVE

CVE-2025-54884 Vision UI security-kit.js: Potential Uncontrolled Resource Allocation Vulnerability CVE-2022-21681 Exponential catastrophic backtracking (ReDoS) in marked CVE-2026-25949 Traefik: TCP readTimeout bypass via STARTTLS on Postgres CVE-2026-34826 Rack: Unbounded Range Count in get_byte_ranges Enables DoS CVE-2025-27097 Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation