Описание
Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.
Ссылки
- Vendor Advisory
- Patch
- Patch
- Patch
- Patch
- Vendor Advisory
- Third Party Advisory
- Mailing List
- Third Party Advisory
- Vendor Advisory
- Patch
- Patch
- Patch
- Patch
- Vendor Advisory
- Third Party Advisory
- Mailing List
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
Связанные уязвимости
Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.
Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.
Rack is a modular Ruby web server interface. Carefully crafted headers ...
Rack Header Parsing leads to Possible Denial of Service Vulnerability
Уязвимость модуля Rack интерпретатора языка программирования Ruby, связанная с использованием регулярного выражения c неэффективной вычислительной сложностью, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.3 Medium
CVSS3
7.5 High
CVSS3