CVE-2023-27530
ruby-rack - security update
7.5
HIGH
CVSS 3.1
EPSS 2.0%
Description
A denial-of-service (DoS) vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 in the multipart MIME parsing code. It could allow an attacker to craft requests that can be abused to cause multipart parsing to take longer than expected.
How to fix CVE-2023-27530
To remediate CVE-2023-27530, upgrade the affected package to a fixed version below.
- Debian/ruby-rack: upgrade to 2.1.4-3+deb11u1 or later
- upgrade to 2.0.6-3+deb10u3 or later
- upgrade to 2.0.9.3 or later
Is CVE-2023-27530 being exploited?
Low: EPSS is 2.0%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.1.4-3+deb11u1
- from 0, < 2.0.6-3+deb10u3
- from 0, < 2.0.9.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.5) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |