Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2023-27530 cve-2023-27530

Source

Debian Bug report logs - #1032803
ruby-rack: CVE-2023-27530

Package: src:ruby-rack; Maintainer for src:ruby-rack is Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 11 Mar 2023 20:12:02 UTC

Severity: important

Tags: security, upstream

Found in version ruby-rack/2.2.4-3

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>:
Bug#1032803; Package src:ruby-rack. (Sat, 11 Mar 2023 20:12:04 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>. (Sat, 11 Mar 2023 20:12:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Source: ruby-rack
Version: 2.2.4-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for ruby-rack.

CVE-2023-27530[0]:
| A DoS vulnerability exists in Rack &lt;v3.0.4.2, &lt;v2.2.6.3,
| &lt;v2.1.4.3 and &lt;v2.0.9.3 within in the Multipart MIME parsing
| code in which could allow an attacker to craft requests that can be
| abuse to cause multipart parsing to take longer than expected.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-27530
    https://www.cve.org/CVERecord?id=CVE-2023-27530
[1] https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Tue Mar 14 13:09:05 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ruby-rack: CVE-2023-27530

Debian Bug report logs - #1032803
ruby-rack: CVE-2023-27530

Vulmon Search

About

Products

Connect

ruby-rack: CVE-2023-27530

Debian Bug report logs - #1032803 ruby-rack: CVE-2023-27530

Vulmon Search

About

Products

Connect

Debian Bug report logs - #1032803
ruby-rack: CVE-2023-27530