Rack vulnerable to Denial of Service

GHSA-hg78-4f6x-99wq · CVE-2018-16470

Published Nov 15, 2018 · Modified Feb 16, 2024

Description

There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-16470
WEB https://access.redhat.com/errata/RHSA-2019:3172
PACKAGE https://github.com/rack/rack
WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16470.yml
WEB https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ
WEB https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes