CVE-2023-27539

Medium CVSS: 5.3

There is a denial of service vulnerability in the header parsing component of Rack.

Vendor

Product

CWE

Yayın Tarihi

2025-01-09 01:15:07

Güncelleme

2025-10-10 16:31:34

Source Identifier

support@hackerone.com

KEV Date Added

NVD-CWE-noinfo Rack MEDIUM Rack 2025

https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466 https://github.com/advisories/GHSA-c6qg-cjj8-47qp https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html https://security.netapp.com/advisory/ntap-20231208-0016/ https://www.debian.org/security/2023/dsa-5530

Medium

CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack…

Medium

CVE-2026-25500

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory` generates an…

High

CVE-2026-22860

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check…

High

CVE-2025-61919

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the…

Medium

CVE-2025-61780

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclos…

High

CVE-2025-61771

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser`…