Description
There is a denial of service vulnerability in the Content-Disposition parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.
Release | Status | Note |
---|---|---|
bionic | ignored | end of standard support, was needed |
devel | not-affected | 2.2.4-3 |
esm-apps/bionic | released | 1.6.4-4ubuntu0.2+esm4 |
esm-apps/focal | released | 2.0.7-2ubuntu0.1+esm3 |
esm-apps/jammy | released | 2.1.4-5ubuntu1+esm3 |
esm-apps/xenial | released | 1.6.4-3ubuntu0.2+esm4 |
esm-infra-legacy/trusty | not-affected | 1.5.2-3+deb8u3ubuntu1~esm6 |
focal | ignored | end of standard support, was needed |
jammy | released | 2.1.4-5ubuntu1.1 |
kinetic | ignored | end of life, was needed |
CVSS3: 7.5 High
Related vulnerabilities
There is a denial of service vulnerability in the Content-Disposition ...
Denial of Service Vulnerability in Rack Content-Disposition parsing
A vulnerability in Rack, the modular interface between web servers and web applications, related to uncontrolled resource consumption, which allows an attacker to cause a denial of service