Описание
Rack vulnerable to Denial of Service
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-16470
- https://access.redhat.com/errata/RHSA-2019:3172
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16470.yml
- https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ
- https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk
Пакеты
rack
>= 2.0.4, < 2.0.6
2.0.6
Связанные уязвимости
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
There is a possible DoS vulnerability in the multipart parser in Rack ...
Уязвимость модуля Rack интерпретатора языка программирования Ruby, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании