CVE-2023-27530

Published: Mar 10, 2023

Modified: Oct 15, 2024

PUBLISHED

Description

A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.

Vendor	Product	Versions
n/a	https://github.com/rack/rack	affected `3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3`

Weaknesses (CWE)

CWE-400

References

https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388

[debian-lts-announce] 20230417 [SECURITY] [DLA 3392-1] ruby-rack security update

mailing-list

DSA-5530

vendor-advisory

https://security.netapp.com/advisory/ntap-20231208-0015/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-27530

Description

Affected Products

Weaknesses (CWE)

References