FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rack -- possible denial of service vulnerability in header parsing

Affected packages
rubygem-rack <,3
rubygem-rack22 <,3
rubygem-rack16 < 1.6.14


VuXML ID 2fdb053c-ca25-11ed-9d7e-080027f5fec9
Discovery 2023-03-13
Entry 2023-03-24

ooooooo_q reports:

Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted.


CVE Name CVE-2023-27539