A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.
References
Link | Resource |
---|---|
https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388 | Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20231208-0015/ | |
https://www.debian.org/security/2023/dsa-5530 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
08 Dec 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Nov 2023, 02:46
Type | Values Removed | Values Added |
---|---|---|
References | (DEBIAN) https://www.debian.org/security/2023/dsa-5530 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html - Mailing List, Third Party Advisory | |
First Time |
Debian debian Linux
Debian |
|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
22 Oct 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Apr 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Mar 2023, 16:18
Type | Values Removed | Values Added |
---|---|---|
First Time |
Rack Project rack
Rack Project |
|
CWE | CWE-770 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:* | |
References | (MISC) https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388 - Patch, Vendor Advisory |
10 Mar 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-10 22:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-27530
Mitre link : CVE-2023-27530
CVE.ORG link : CVE-2023-27530
JSON object : View
Products Affected
rack_project
- rack
debian
- debian_linux