CVE-2022-44572

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-44572

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-44572.json

Aliases

GHSA-rqv2-275x-2jq5

Related

DLA-3298-1
DSA-5530-1
RLSA-2023:6818
USN-5910-1

Published

2023-02-09T20:15:11Z

Modified

2023-12-08T22:15:07Z

Details

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

References

https://security.netapp.com/advisory/ntap-20231208-0014/
https://www.debian.org/security/2023/dsa-5530
https://hackerone.com/reports/1639882

Affected packages

Git / github.com/rack/rack

Affected ranges

Type: GIT
Repo: https://github.com/rack/rack
Events: Fixed

d573159067d8dc64db97beff67621654754e86f2

Introduced

879ae7163a399a9ed36d876668f4ecae4ae8b9e4

Introduced

39d501a28c1fe51284addfe6dacffafb69d49849