CVE-2022-44571

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-44571

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-44571.json

Aliases

GHSA-93pm-5p5f-3ghx

Related

Published

2023-02-09T20:15:11Z

Modified

2023-12-19T01:06:40.014192Z

Details

There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted.

References

Affected packages

Git / github.com/rack/rack

Affected ranges

Type: GIT
Repo: https://github.com/rack/rack
Events: Introduced

1a408687493175250408fe87c5046bf1adfa6386

Fixed

d573159067d8dc64db97beff67621654754e86f2

Introduced

879ae7163a399a9ed36d876668f4ecae4ae8b9e4

Introduced

39d501a28c1fe51284addfe6dacffafb69d49849

Affected versions

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.9.1