FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rack -- possible denial of service vulnerability in header parsing

Affected packages
rubygem-rack < 3.0.6.1,3
rubygem-rack22 < 2.2.6.6,3
rubygem-rack16 < 1.6.14

Details

VuXML ID 2fdb053c-ca25-11ed-9d7e-080027f5fec9
Discovery 2023-03-13
Entry 2023-03-24

ooooooo_q reports:

Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted.
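The version thresholds from "Affected packages" above, turned into a check you can run against an installed rack gem. This is an added example, not part of the VuXML entry, the FreeBSD ports tree or Rack itself. It assumes that the three ports track the 3.x, 2.2.x and 1.6.x release lines respectively, and that the ",3" suffix on the port versions is FreeBSD's PORTEPOCH, which is not part of the upstream gem version and must be stripped before comparing. The function names are hypothetical.

```ruby
# Added example (not FreeBSD VuXML tooling, not Rack code): decide whether a
# rack gem version falls inside the ranges this advisory lists as affected.
require 'rubygems' # for Gem::Version; a no-op on modern Ruby

# Upper bounds copied from the "Affected packages" section of the advisory.
# The ",3" is a FreeBSD PORTEPOCH (assumption: it is not an upstream version
# component), so it is removed before the comparison.
AFFECTED_BEFORE = {
  'rubygem-rack'   => '3.0.6.1,3',
  'rubygem-rack22' => '2.2.6.6,3',
  'rubygem-rack16' => '1.6.14',
}.freeze

# Strip a FreeBSD PORTEPOCH (",N") and PORTREVISION ("_N") suffix from a
# package version, e.g. "2.2.6.6_1,3" -> "2.2.6.6", so it compares as a gem
# version.
def upstream_version(pkg_version)
  pkg_version.sub(/,\d+\z/, '').sub(/_\d+\z/, '')
end

# Map a gem version to the port that ships its release line.
# Assumption: rubygem-rack16 = 1.6.x, rubygem-rack22 = 2.2.x, rubygem-rack = 3.x.
# Returns nil for lines the advisory does not list (e.g. 2.0.x, 2.1.x).
def port_for(gem_version)
  segs = Gem::Version.new(gem_version).segments
  case segs.first(2)
  when [1, 6] then 'rubygem-rack16'
  when [2, 2] then 'rubygem-rack22'
  else segs.first.is_a?(Integer) && segs.first >= 3 ? 'rubygem-rack' : nil
  end
end

# true  => version is below the advisory's threshold for its line
# false => version is at or above the threshold
# nil   => release line not covered by this advisory, so no verdict
def affected?(gem_version)
  port = port_for(gem_version)
  return nil unless port
  fixed = upstream_version(AFFECTED_BEFORE.fetch(port))
  Gem::Version.new(gem_version) < Gem::Version.new(fixed)
end

# Inspect the rack gem loaded into the current process, if any.
def loaded_rack_status
  spec = Gem.loaded_specs['rack']
  return :not_loaded unless spec
  case affected?(spec.version.to_s)
  when true  then :affected
  when false then :fixed
  else :not_covered
  end
end

if $PROGRAM_NAME == __FILE__
  # Usage: ruby rack_27539_check.rb 2.2.6.3 3.0.6.1
  ARGV.each do |v|
    verdict = { true => 'AFFECTED', false => 'not affected', nil => 'not covered' }[affected?(v)]
    puts "rack #{v}: #{verdict}"
  end
end
```

Run it with the version reported by `gem list rack` or `pkg info rubygem-rack`; a `nil` verdict means the installed line is not one of the three ports this entry covers, which is not the same as being safe.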

References

CVE Name CVE-2023-27539
URL https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466