CVE-2023-27530

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-27530

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27530.json

Aliases

GHSA-3h57-hmj3-gj3p

Related

ALSA-2023:2652
ALSA-2023:3082
DLA-3392-1
DSA-5530-1
RLSA-2023:2652
RLSA-2023:3082
RLSA-2023:6818

Published

2023-03-10T22:15:10Z

Modified

2023-12-08T22:15:07Z

Details

A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.

References

https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388
https://security.netapp.com/advisory/ntap-20231208-0015/
https://www.debian.org/security/2023/dsa-5530
https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html

Affected packages

Git / github.com/rack/rack

Affected ranges

Type: GIT
Repo: https://github.com/rack/rack
Events: Fixed

9996d403584fb7609708f582f7647868b4444949

Introduced

879ae7163a399a9ed36d876668f4ecae4ae8b9e4

Introduced

39d501a28c1fe51284addfe6dacffafb69d49849

Introduced

52901caf09ebcda879512a8605059963a49df55d