GHSA-3pxh-h8hw-mj8w

Suggest an improvement
Source
https://github.com/advisories/GHSA-3pxh-h8hw-mj8w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-3pxh-h8hw-mj8w/GHSA-3pxh-h8hw-mj8w.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-3pxh-h8hw-mj8w
Aliases
Published
2017-10-24T18:33:37Z
Modified
2024-02-18T05:33:25.441201Z
Summary
Rack rubygems receiving excessively long lines triggers out-of-memory error
Details

multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.

References

Affected packages

RubyGems / rack

Package

Name
rack
Purl
pkg:gem/rack

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.3.0
Fixed
1.3.8

Affected versions

1.*

1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7

RubyGems / rack

Package

Name
rack
Purl
pkg:gem/rack

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.4.0
Fixed
1.4.3

Affected versions

1.*

1.4.0
1.4.1
1.4.2