PT-2023-2035 · Rack+9
Das7Pad · Published 2023-03-08 · Updated 2026-03-13
| CVE | CVE-2023-27530 |
| CVSS v2.0 | 7.8 (High) |
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Rack versions prior to 3.0.4.2
Rack versions prior to 2.2.6.3
Rack versions prior to 2.1.4.3
Rack versions prior to 2.0.9.3
Description
A denial-of-service issue exists in Rack's multipart MIME parsing code: an attacker can craft requests that make multipart parsing take far longer than expected, which a remote attacker can use to cause a denial of service. The parser limits the number of file parts but does not limit the total number of parts in a request, so a carefully crafted request containing a very large number of parts can exhaust the server's processing resources.
Recommendations
For versions prior to 3.0.4.2, update to version 3.0.4.2 or later.
For versions prior to 2.2.6.3, update to version 2.2.6.3 or later.
For versions prior to 2.1.4.3, update to version 2.1.4.3 or later.
For versions prior to 2.0.9.3, update to version 2.0.9.3 or later.
As a temporary workaround, consider configuring a proxy to limit the POST body size to mitigate this issue.
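The proxy-level body-size limit recommended above can also be enforced inside the application stack. The following added example (not Rack's own code, and not the upstream fix) is a minimal Rack-style middleware in plain Ruby that refuses multipart/form-data requests whose body exceeds a byte limit, and additionally refuses bodies that carry more boundary delimiters than a configured part count, before the downstream multipart parser ever runs. The class name, the default limits (1 MiB, 128 parts) and the helper functions are assumptions chosen for illustration; the sample requests are constructed inline so the file runs without the rack gem installed.

```ruby
require 'stringio'

# Added example (not Rack's own code): a minimal Rack-style middleware that refuses
# multipart/form-data requests that are either larger than max_bytes or carry more
# parts than max_parts, before the application's multipart parser runs.
# The limits, class name and helper names below are assumptions for illustration.
class MultipartLimit
  def initialize(app, max_bytes: 1_048_576, max_parts: 128)
    @app = app
    @max_bytes = max_bytes
    @max_parts = max_parts
  end

  def call(env)
    return @app.call(env) unless multipart?(env)
    return reject('Payload Too Large') if oversized?(env)
    return reject('Too many multipart parts') if too_many_parts?(env)

    @app.call(env)
  end

  private

  # 413 is the status a size-limiting proxy would also return.
  def reject(message)
    [413, { 'content-type' => 'text/plain' }, [message]]
  end

  def multipart?(env)
    env['CONTENT_TYPE'].to_s.downcase.start_with?('multipart/form-data')
  end

  # Equivalent of the proxy body-size limit: a multipart request with a missing or
  # non-numeric Content-Length is refused rather than guessed at.
  def oversized?(env)
    length = env['CONTENT_LENGTH'].to_s
    return true unless length.match?(/\A\d+\z/)

    length.to_i > @max_bytes
  end

  # Counts boundary delimiters in the (already size-bounded) body. Each part starts with
  # "--boundary" and the closing delimiter is "--boundary--", so parts = delimiters - 1.
  # A delimiter string inside a part's data overcounts, which only makes the check stricter.
  def too_many_parts?(env)
    match = env['CONTENT_TYPE'].match(/boundary=(?:"([^"]+)"|([^;\s]+))/i)
    return true unless match # no boundary at all: malformed, refuse

    boundary = match[1] || match[2]
    input = env['rack.input']
    body = input.read # bounded by max_bytes because oversized? ran first
    input.rewind # leave the body readable for the downstream parser
    delimiters = body.scan("--#{boundary}").size
    delimiters - 1 > @max_parts
  end
end

# --- constructed sample requests so the file runs stand-alone ---

OK_APP = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['ok']] }

# Builds a multipart body from [name, value] pairs with the given boundary.
def multipart_body(boundary, fields)
  fields.map do |name, value|
    "--#{boundary}\r\nContent-Disposition: form-data; name=\"#{name}\"\r\n\r\n#{value}\r\n"
  end.join + "--#{boundary}--\r\n"
end

# Builds the subset of a Rack env hash that the middleware reads.
def build_env(content_type, body)
  {
    'REQUEST_METHOD' => 'POST',
    'CONTENT_TYPE' => content_type,
    'CONTENT_LENGTH' => body.bytesize.to_s,
    'rack.input' => StringIO.new(body)
  }
end

# Returns the HTTP status the limited app gives for a constructed request.
def status_for(content_type, body, max_bytes: 1_048_576, max_parts: 128)
  app = MultipartLimit.new(OK_APP, max_bytes: max_bytes, max_parts: max_parts)
  app.call(build_env(content_type, body)).first
end

if __FILE__ == $PROGRAM_NAME
  ct = 'multipart/form-data; boundary=AaB03x'
  puts status_for(ct, multipart_body('AaB03x', [['a', '1'], ['b', '2']]))            # 200
  puts status_for(ct, multipart_body('AaB03x', (1..500).map { |i| ["f#{i}", 'x'] })) # 413
end
```

The size check runs before the part count so the body is never read into memory unbounded; the part count is a cheap pre-scan, not a parse, and deliberately errs toward rejecting. Updating to a fixed Rack version remains the real fix; this middleware only narrows the window while that update is scheduled.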
Exploit
Fix
DoS
Allocation of Resources Without Limits
Resource Exhaustion
Related identifiers
Affected products
Almalinux
Astra Linux
Centos
Linuxmint
Rack
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu