rack is vulnerable to Denial of Service (DoS). The vulnerability exists in the library's multipart MIME parser because it does not properly limit the total number of parts that can be uploaded, which allows an attacker to send maliciously crafted requests and crash the application.
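As an added illustration of the missing check described above (example code written here, not Rack's own fix or the project's code), the following Rack-compatible middleware counts the parts of a multipart body before it reaches the parser and rejects the request once a cap is exceeded; the class name, the 128-part and 16 MiB defaults, and the sample body builder are assumptions.

```ruby
require 'stringio'

# Rack-compatible middleware (added example, not Rack's own fix) that refuses
# multipart/form-data requests carrying more parts than max_parts, so an
# oversized part count never reaches the multipart parser downstream.
class MultipartPartLimit
  # Caps are assumed defaults, not values from the advisory; tune per application.
  def initialize(app, max_parts: 128, max_body: 16 * 1024 * 1024)
    @app, @max_parts, @max_body = app, max_parts, max_body
  end

  def call(env)
    boundary = self.class.boundary_for(env['CONTENT_TYPE'])
    return @app.call(env) unless boundary  # not multipart: pass straight through
    return reject('body too large') if env['CONTENT_LENGTH'].to_i > @max_body
    body = env['rack.input'].read(@max_body + 1) || ''
    return reject('body too large') if body.bytesize > @max_body  # header lied
    env['rack.input'] = StringIO.new(body)  # hand the app a fresh, rewound body

    return reject('too many multipart parts') if self.class.count_parts(body, boundary) > @max_parts
    @app.call(env)
  end

  # Boundary parameter of a multipart/form-data Content-Type, nil for anything else.
  def self.boundary_for(content_type)
    return nil unless content_type.to_s.downcase.start_with?('multipart/form-data')
    m = content_type.match(/boundary="?([^";]+)"?/)
    m && m[1]
  end

  # Every part opens with a delimiter line "--boundary"; the closing line
  # "--boundary--" is not a part and is excluded by the \r?$ anchor.
  def self.count_parts(body, boundary)
    body.scan(/^--#{Regexp.escape(boundary)}\r?$/).size
  end

  # Constructed sample body with n text fields, used to exercise the check.
  def self.sample_body(n, boundary)
    fields = (1..n).map do |i|
      "--#{boundary}\r\nContent-Disposition: form-data; name=\"f#{i}\"\r\n\r\n#{i}\r\n"
    end
    fields.join + "--#{boundary}--\r\n"
  end

  private
  def reject(message)
    [413, { 'content-type' => 'text/plain' }, [message]]
  end
end
```

Mount it ahead of the application with `use MultipartPartLimit, max_parts: 64` in config.ru; the body cap bounds the memory the scan itself consumes, since the check has to read the body before the app does.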
Name | Operator | Version
---|---|---
rack | le | 1.6.13
rack | le | 3.0.4.1
rack | le | 1.2.8
rack | le | 2.1.4.2
rack | le | 2.2.6.2
rack | le | 2.0.9.2
pcs | eq | 0.9.162__5.el7.centos.1
pcs | eq | 0.10.14__6.el8
pcs | eq | 0.10.11__1.el8
pcs | eq | 0.9.169__3.el7.centos.1
discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388
github.com/advisories/GHSA-3h57-hmj3-gj3p
github.com/rack/rack/commit/5f6e2fcbbdbff2dfaa21baa693e9d23d12ac1459
github.com/rack/rack/commit/9aac3757fe19cdb0476504c9245170115bec9668
github.com/rack/rack/commit/b5d70b37168daecb6f7eb49b85b7f0d6cf971afe
github.com/rack/rack/commit/b632718265fa5ffa547b060331341a1e216b4ffa
lists.debian.org/debian-lts-announce/2023/04/msg00017.html
security.netapp.com/advisory/ntap-20231208-0015/
www.debian.org/security/2023/dsa-5530