Base Score: 5.3 (MEDIUM)
CVE-2023-27539
There is a denial of service vulnerability in the header parsing component of Rack.
Vector: NETWORK
Published By: support@hackerone.com
Published Date: Jan 09, 2025, 01:15
Affected Versions (2)

Package (Ecosystem)   Introduced   Fixed     Limit
rack (RubyGems)       2.0.0        2.2.6.4   N/A
rack (RubyGems)       3.0.0        3.0.6.1   N/A
Weakness Type (CWE): NVD-CWE-noinfo
CVSS Metrics (CVSS v3.1)

Base Score: 5.3
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Severity: MEDIUM
Version: 3.1
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): LOW
References
https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
https://github.com/advisories/GHSA-c6qg-cjj8-47qp
https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c
https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff
https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html
https://security.netapp.com/advisory/ntap-20231208-0016/
https://www.debian.org/security/2023/dsa-5530