CVE-2021-22880

HIGH

Active Record <6.1.2.1, 6.0.3.5, 5.2.4.5 - DoS


Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-22880. PoCs published by halkichi0308.

AI-analyzed exploit summary: The repository lacks exploit code and only references a HackerOne report without providing technical details or PoC implementation. It appears to be a placeholder or lure.

Description

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5 and 5.2.4.5 is vulnerable to regular expression denial of service (ReDoS). Carefully crafted input can cause the input validation for the `money` type in the PostgreSQL adapter to spend excessive time evaluating a regular expression, creating the potential for a DoS attack. This only affects Rails applications that use PostgreSQL together with `money` type columns that accept user input.

Exploits (1)

nomisec · SUSPICIOUS · 1 star
by halkichi0308 · poc
https://github.com/halkichi0308/CVE-2021-22880


Classification: Suspicious (90%)
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: unknown
Authentication: No auth needed
Analyzed by devstral-2 on Feb 18, 2026

References (6)

Core References

- Exploit, Patch, Third Party Advisory (x_refsource_misc): https://hackerone.com/reports/1023899
- Third Party Advisory, vendor-advisory (x_refsource_debian): https://www.debian.org/security/2021/dsa-4929
- Third Party Advisory (x_refsource_confirm): https://security.netapp.com/advisory/ntap-20210805-0009/

Scores

CVSS v3: 7.5
EPSS: 0.0260
EPSS Percentile: 86.0%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE: CWE-400
Status: published

Products (4)

- fedoraproject/fedora 32
- fedoraproject/fedora 33
- rubygems/activerecord 5.0.0 - 5.2.4.5 (RubyGems)
- rubyonrails/rails 4.2.0 - 5.2.4.5

Published: Feb 11, 2021
Tracked Since: Feb 18, 2026