CVE-2023-27530

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-27530
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27530.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-27530
Aliases
Downstream
Related
Published
2023-03-10T22:15:10.497Z
Modified
2026-02-05T04:28:51.758056Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.

References

Affected packages

Git / github.com/rack/rack

Affected ranges

Type
GIT
Repo
https://github.com/rack/rack
Events
Introduced
52901caf09ebcda879512a8605059963a49df55d
Fixed
5c18f306ef0d26917d490aa1f686dd68de738384
Introduced
879ae7163a399a9ed36d876668f4ecae4ae8b9e4
Fixed
7bdc55dd21ec76811ad74c1ae14c1588d2f2ca49
Fixed
9996d403584fb7609708f582f7647868b4444949
Introduced
39d501a28c1fe51284addfe6dacffafb69d49849
Fixed
d6b5b2bab88f458fb048133604faebea952d8133

Affected versions

2.*
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.4.1
2.2.0
2.2.3
2.2.3.1
2.2.4
3.*
3.0.0
v2.*
v2.1.4.2
v2.2.1
v2.2.2
v2.2.5
v2.2.6
v2.2.6.1
v2.2.6.2
v3.*
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.4.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27530.json"