CVE-2023-27530
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.
| Software | From | Fixed in |
|---|---|---|
rack
|
- | 2.0.9.3 |
|
rack
|
2.1.0 | 2.1.4.3 |
|
rack
|
2.2.0 | 2.2.6.3 |
|
rack
|
3.0.0 | 3.0.4.2 |
| debian / debian_linux | 10.0 | 10.0.x |
| debian / debian_linux | 11.0 | 11.0.x |
| rack / rack | 3.0.0 | 3.0.4.2 |
| rack / rack | 2.2.0 | 2.2.6.3 |
| rack / rack | - | 2.0.9.3 |
| rack / rack | 2.1.0 | 2.1.4.3 |
- https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27530.yml
- https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html
- https://security.netapp.com/advisory/ntap-20231208-0015
- https://security.netapp.com/advisory/ntap-20231208-0015/
- https://www.debian.org/security/2023/dsa-5530
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime