Описание
Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.
A denial of service (DoS) vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability.
Меры по смягчению последствий
No mitigation is currently available for this vulnerability. The recommendation is to perform updates as soon as they are available.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/fluentd-rhel8 | Not affected | ||
| Red Hat 3scale API Management Platform 2 | 3scale-amp-backend-container | Affected | ||
| Red Hat 3scale API Management Platform 2 | 3scale-amp-system-container | Fix deferred | ||
| Red Hat 3scale API Management Platform 2 | 3scale-amp-zync-container | Will not fix | ||
| Red Hat Enterprise Linux 7 | pcs | Out of support scope | ||
| Red Hat Enterprise Linux 8 | pcs | Fixed | RHSA-2024:2953 | 22.05.2024 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | pcs | Fixed | RHSA-2024:2007 | 23.04.2024 |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | pcs | Fixed | RHSA-2024:2007 | 23.04.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | pcs | Fixed | RHSA-2024:2584 | 30.04.2024 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | pcs | Fixed | RHSA-2024:2584 | 30.04.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.
Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.
Rack is a modular Ruby web server interface. Carefully crafted content ...
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Уязвимость модуля Rack интерпретатора языка программирования Ruby, связанная с использованием регулярного выражения c неэффективной вычислительной сложностью, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.3 Medium
CVSS3