Rack
CVE-2023-27530
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.
AnalysisAI
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
Technical ContextAI
This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. Affected products include: Rack, Debian Debian Linux.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.
Directory traversal in Rack versions prior to 2.2.22, 3.1.20, and 3.2.5 allows unauthenticated remote attackers to list
Rack is a modular Ruby web server interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable,
Rack is a modular Ruby web server interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable,
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 tha
A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell
Rack provides an interface for developing web applications in Ruby. Rated medium severity (CVSS 5.7), this vulnerability
Rack's Directory module fails to sanitize filenames when generating HTML directory listings, allowing attackers to craft
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerabi
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x
Rack is a modular Ruby web server interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable,
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products
Rack is a modular Ruby web server interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable,
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today