事例:CVE-2022-44566: Possible Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter - rubyのコードをセキュリティの観点から見るときの参考用

事例:CVE-2022-44566: Possible Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter

ActiveRecordのPostgreSQL adapterでのDoS

CVE-2022-44566 Possible Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter

7.0.4.1, 6.1.7.1 で修正

問題

修正コミット

https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b

https://github.com/advisories/GHSA-579w-22j4-4749