CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score: 6.5 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 13.1%)
Rack is vulnerable to denial of service. The vulnerability lies in header parsing routines that are susceptible to carefully crafted headers, which can cause parsing to take far longer than expected and lead to a possible denial of service. This specifically affects the Accept and Forwarded headers.
discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942
github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716
github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582
github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f
github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd
github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f
github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml
lists.debian.org/debian-lts-announce/2024/04/msg00022.html
security.netapp.com/advisory/ntap-20240510-0006/