Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-44572

Опубликовано: 09 фев. 2023
Источник: debian
EPSS Низкий

Описание

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ruby-rackfixed2.2.4-3package

Примечания

  • https://github.com/rack/rack/commit/dc50f8e495f67eb933b1fc33ebee550908d945e6 (v2.0.9.2)

  • https://github.com/rack/rack/commit/8291f502b0e1dcf514cc25c34e4bf0beec7a92ae (v2.1.4.2)

  • https://github.com/rack/rack/commit/19e49f0f185d7e42ed5b402baec6c897a8c48029 (v2.2.6.1)

EPSS

Процентиль: 48%
0.0025
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-44572

CVSS3: 7.5
ubuntu
больше 2 лет назад

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

redhat логотип

CVE-2022-44572

CVSS3: 7.5
redhat
больше 2 лет назад

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

nvd логотип

CVE-2022-44572

CVSS3: 7.5
nvd
больше 2 лет назад

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

github логотип

GHSA-rqv2-275x-2jq5

github
больше 2 лет назад

Denial of service via multipart parsing in Rack

fstec логотип

BDU:2024-02581

CVSS3: 7.5
fstec
больше 2 лет назад

Уязвимость компонента анализа Range модульного интерфейса между веб-серверами и веб-приложениями Rack, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 48%
0.0025
Низкий