FreeBSD: VID-2FDB053C-CA25-11ED-9D7E-080027F5FEC9 (CVE-2023-27539): rack -- possible denial of service vulnerability in header parsing

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: Mar 13, 2023
Added: Mar 24, 2023
Modified: Feb 18, 2025

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-2FDB053C-CA25-11ED-9D7E-080027F5FEC9:

ooooooo_q reports:

Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted.

Solution(s)

freebsd-upgrade-package-rubygem-rack
freebsd-upgrade-package-rubygem-rack16
freebsd-upgrade-package-rubygem-rack22