File 0007-CVE-2023-22795.patch of Package rubygem-actionpack-5_1.36289
From 8dc45950619a4c64d16fb9370570c996d201f9b0 Mon Sep 17 00:00:00 2001
From: John Hawthorn <john@hawthorn.email>
Date: Fri, 13 Jan 2023 15:54:40 -0800
Subject: [PATCH] Avoid regex backtracking on If-None-Match header
[CVE-2023-22795]
---
actionpack/lib/action_dispatch/http/cache.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/actionpack/lib/action_dispatch/http/cache.rb b/actionpack/lib/action_dispatch/http/cache.rb
index 9c46c5c8a4..d9d6f32534 100644
--- a/actionpack/lib/action_dispatch/http/cache.rb
+++ b/actionpack/lib/action_dispatch/http/cache.rb
@@ -18,7 +18,7 @@ def if_none_match
end
def if_none_match_etags
- if_none_match ? if_none_match.split(/\s*,\s*/) : []
+ if_none_match ? if_none_match.split(",").each(&:strip!) : []
end
def not_modified?(modified_at)
--
2.35.1