
Cloud Vulnerability DB
A community-led vulnerabilities database
A regular-expression-based denial-of-service (ReDoS) vulnerability exists in Action Dispatch (Ruby on Rails) versions prior to 6.1.7.1 and 7.0.4.1, in its handling of the If-None-Match header. The vulnerability was assigned identifier CVE-2023-22795 and was disclosed on January 17, 2023 (Ruby Rails Discussion).
The vulnerability is triggered while processing the HTTP If-None-Match header: a specially crafted header value causes catastrophic backtracking in the regular expression engine when the application runs on a Ruby version below 3.2.0, making the process consume excessive CPU and memory (Ruby Rails Discussion). The vulnerability has been assigned a CVSS score of 7.5 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NetApp Security).
When successfully exploited, this vulnerability leads to a denial-of-service condition: the affected system becomes unresponsive due to excessive resource consumption (NetApp Security).
Users should upgrade to the fixed versions 6.1.7.1 or 7.0.4.1. For those unable to upgrade immediately, a temporary mitigation is to use a load balancer or other device to filter out malformed If-None-Match headers before they reach the application. Additionally, upgrading to Ruby 3.2.0 or greater, whose regex engine is hardened against catastrophic backtracking, prevents this vulnerability (Ruby Rails Discussion).
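The header filtering described above can also be applied in-process, as Rack middleware inserted ahead of the Rails stack. The following is an added example, not code from this page or from Rails; the 4096-byte length bound and the module and middleware names are assumptions. It validates If-None-Match against the RFC 7232 entity-tag grammar with a single-pass scanner and drops any value that does not conform, so malformed input never reaches the vulnerable regex.

```ruby
# Added example, not code from the Wiz page or from Rails: a Rack middleware that
# checks If-None-Match with a single-pass scanner and drops values that do not
# follow the RFC 7232 grammar. Stopgap only; upgrading Rails or Ruby is the fix.
module IfNoneMatchGuard
  MAX_LEN = 4096 # assumed upper bound for a legitimate header value

  # true when +value+ is "*" or a comma-separated list of entity-tags, each an
  # optional "W/" followed by a quoted opaque-tag. One left-to-right pass, no
  # backtracking, so runtime is linear in the header length.
  def self.valid?(value)
    return false unless value.is_a?(String) && value.bytesize <= MAX_LEN
    s = value.strip
    return true if s == "*"
    i, n, tags, need_comma = 0, s.length, 0, false
    while i < n
      c = s[i]
      if c == " " || c == "\t"
        i += 1
      elsif c == ","
        need_comma = false # list separator; empty elements are tolerated
        i += 1
      else
        return false if need_comma # two tags with no comma between them
        i += 2 if s[i, 2] == "W/" # weak validator prefix
        return false unless s[i] == '"'
        i += 1
        while i < n && s[i] != '"'
          o = s[i].ord # etagc: %x21 / %x23-7E / obs-text (>= 0x80)
          return false unless o == 0x21 || (0x23..0x7E).cover?(o) || o >= 0x80
          i += 1
        end
        return false if i >= n # unterminated quoted string
        i += 1
        tags += 1
        need_comma = true
      end
    end
    tags > 0
  end

  # Insert ahead of the Rails stack (e.g. config.middleware.insert_before 0, ...).
  # A rejected header is removed so the request is simply served unconditionally.
  Middleware = Struct.new(:app) do
    def call(env)
      v = env["HTTP_IF_NONE_MATCH"]
      env.delete("HTTP_IF_NONE_MATCH") if v && !IfNoneMatchGuard.valid?(v)
      app.call(env)
    end
  end
end
```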
Source: This report was generated using AI