7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
24.1%
rack is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists in the handle_mime_head function of multipart.rb due to inefficient regular expression complexity, which allows an attacker to crash the application by submitting malicious input in the Content-Disposition header.
discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126
github.com/advisories/GHSA-93pm-5p5f-3ghx
github.com/rack/rack/commit/4e33ad10bf5f16d25c156f905bcc548e7f787bc3
github.com/rack/rack/commit/9b5fb5c7ef0e39b959a6c5c0005d9af44a29d6f8
github.com/rack/rack/commit/b79bb5ac6e7478aa02f624bd9ef00b25c2502af5
github.com/rack/rack/releases/tag/v2.0.9.2
github.com/rack/rack/releases/tag/v2.1.4.2
github.com/rack/rack/releases/tag/v3.0.4.1
github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44571.yml
security.netapp.com/advisory/ntap-20231208-0013/
www.debian.org/security/2023/dsa-5530