Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-27539

Good to know:

icon

Date: January 8, 2025

There is a denial of service vulnerability in the header parsing component of Rack. Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted. The issue is fixed versions 2.2.6.4 and 3.0.6.1

Language: Ruby

Severity Score

Related Resources (14)

https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c
https://security.netapp.com/advisory/ntap-20231208-0016/
https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
https://www.debian.org/security/2023/dsa-5530
https://security-tracker.debian.org/tracker/CVE-2023-27539
https://security.netapp.com/advisory/ntap-20231208-0016
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml
https://access.redhat.com/security/cve/CVE-2023-27539
https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff
https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html
https://github.com/advisories/GHSA-c6qg-cjj8-47qp
https://nvd.nist.gov/vuln/detail/CVE-2023-27539
https://github.com/rack/rack
https://www.mend.io/vulnerability-database/CVE-2023-27539

Severity Score

Top Fix

icon

Upgrade Version

Upgrade to version rack - 2.2.6.4;rack - 3.0.6.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us