vulnerability
Arch Linux: Denial of service (CVE-2021-32740)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Jul 6, 2021 | Jul 11, 2025 | Nov 27, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Jul 6, 2021
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
An uncontrolled resource consumption vulnerability exists in ruby-addressable after version 2.3.0 and before version 2.8.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected.
Solution
arch-linux-upgrade-latest
References
- CVE-2021-32740
- https://attackerkb.com/topics/CVE-2021-32740
- URL-https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc
- URL-https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDFQM2NHNAZ3NNUQZEJTYECYZYXV4UDS/
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYPVOOQU7UB277UUERJMCNQLRCXRCIQ5/
- URL-https://security.archlinux.org/ASA-202107-19
- CWE-400
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.