CVE-2023-27530

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-27530

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27530.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-27530

Aliases

GHSA-3h57-hmj3-gj3p

Related

Published

2023-03-10T22:15:10Z

Modified

2024-05-30T04:02:10.062068Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.

References

Affected packages

Git / github.com/rack/rack

Affected ranges

Type: GIT
Repo: https://github.com/rack/rack
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9996d403584fb7609708f582f7647868b4444949

Affected versions

0.*

0.1

0.2

0.3

1.*

1.0

1.1

1.2

1.2.1

1.3.0

1.3.0.beta

1.3.0.beta2

1.4.0

1.4.1

1.5.0

1.5.1

1.5.2

1.6.0

1.6.0.beta

1.6.0.beta2

2.*

2.0.0

2.0.0.alpha

2.0.0.rc1

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.9.1

v2.*

v2.0.9.2