From 484fc9185db6c6a6a49ab458b11f9366da02bab2 Mon Sep 17 00:00:00 2001
From: John Hawthorn <john@hawthorn.email>
Date: Fri, 13 Jan 2023 15:54:40 -0800
Subject: [PATCH] Avoid regex backtracking on If-None-Match header
[CVE-2023-22795]
---
actionpack/lib/action_dispatch/http/cache.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/actionpack/lib/action_dispatch/http/cache.rb b/actionpack/lib/action_dispatch/http/cache.rb
index 9c46c5c8a4d81..d9d6f325342ea 100644
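--- a/actionpack/lib/action_dispatch/http/cache.rb
+++ b/actionpack/lib/action_dispatch/http/cache.rb
@@ -18,7 +18,7 @@ def if_none_match
 end
 
 def if_none_match_etags
- if_none_match ? if_none_match.split(/\s*,\s*/) : []
+ if_none_match ? if_none_match.split(",").each(&:strip!) : []
 end
 
 def not_modified?(modified_at)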
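Review bot: The rewritten line in `if_none_match_etags` has no comment saying why a literal-comma split followed by `strip!` replaced the regex separator, so a later cleanup could reintroduce `/\s*,\s*/` and with it the backtracking cost on a client-controlled header. I would add above it `# Split on a literal "," and strip each part; a regex separator backtracks badly on this client-supplied header (CVE-2023-22795).` The diffstat lists only cache.rb, so nothing in this patch pins the behaviour; a test asserting the parsed ETag list for a header with padded separators would guard against regression. The new form also trims whitespace at the very start and end of the header, which the old split did not; that looks harmless for ETag comparison but is a small behaviour change worth noting in the changelog.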