CVE-2023-27539

Опубликовано: 09 янв. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

There is a denial of service vulnerability in the header parsing component of Rack.

Ссылки

https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
Vendor Advisory
https://github.com/advisories/GHSA-c6qg-cjj8-47qp
Third Party Advisory
Patch
https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c
Patch
https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff
Patch
https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20231208-0016/
Third Party Advisory
https://www.debian.org/security/2023/dsa-5530
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*

Версия от 2.0.0 (включая) до 2.2.6.4 (исключая)

cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*

Версия от 3.0.0 (включая) до 3.0.6.1 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.0019

Низкий

5.3 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2023-27539

CVSS3: 5.3

ubuntu

11 месяцев назад

There is a denial of service vulnerability in the header parsing component of Rack.

CVE-2023-27539

CVSS3: 5.3

redhat

больше 2 лет назад

There is a denial of service vulnerability in the header parsing component of Rack.

CVE-2023-27539

CVSS3: 5.3

debian

11 месяцев назад

There is a denial of service vulnerability in the header parsing compo ...

SUSE-SU-2023:1685-1

suse-cvrf

больше 2 лет назад

Security update for rubygem-rack

GHSA-c6qg-cjj8-47qp

github

больше 2 лет назад

Possible Denial of Service Vulnerability in Rack's header parsing

EPSS

Процентиль: 41%

0.0019

Низкий

5.3 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo