A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| rack(RubyGems) | 0 | 2.0.9.3 | N/A |
| rack(RubyGems) | 2.1.0 | 2.1.4.3 | N/A |
| rack(RubyGems) | 2.2.0 | 2.2.6.3 | N/A |
| rack(RubyGems) | 3.0.0 | 3.0.4.2 | N/A |
CVSS Metrics
