FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rack -- possible DoS vulnerability in multipart MIME parsing

Affected packages
rubygem-rack <,3
rubygem-rack22 <,3
rubygem-rack16 < 1.6.14


VuXML ID f0798a6a-bbdb-11ed-ba99-080027f5fec9
Discovery 2023-03-03
Entry 2023-03-06

Aaron Patterson reports:

The Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected.


CVE Name CVE-2023-27530