Denial of Service Vulnerability in Rack's Header Parsing Component
CVE-2023-27539
Currently unrated
What is CVE-2023-27539?
A vulnerability in the header parsing component of Rack can lead to denial of service. Attackers may exploit this flaw by crafting malicious headers to disrupt service. The impact on dependent Ruby applications and web services can be severe, so updating to a secure version needs immediate attention. Users should review the release notes for patched versions and consider implementing additional safeguards to protect their applications.
Affected Version(s)
Rack 2.2.6.4
Rack 3.0.6.1