
CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Apr 2023 — There is a denial of service vulnerability in the header parsing component of Rack. A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service. It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an applic... • https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466 • CWE-1333: Inefficient Regular Expression Complexity