CVE-2023-27539

MEDIUM EPSS 60.4%
Published Jan 9, 20251y ago · Modified Jun 17, 20261w ago
5.3 CVSS 3.1
Medium
Find Similar
Published Jan 9, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

There is a denial of service vulnerability in the header parsing component of Rack.

CVSS Details

Base Score
5.3
Exploitability
3.9
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability Low

Threat Intelligence

EPSS Exploit Probability
60.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 4

VendorProductVersionRange
rackrack*≥2.0.0  –  <2.2.6.4
rackrack*≥3.0.0  –  <3.0.6.1
debiandebian_linux10.0any
debiandebian_linux11.0any

References 7

  • discuss.rubyonrails.org https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
    Vendor Advisory
  • github.com https://github.com/advisories/GHSA-c6qg-cjj8-47qp
    PatchThird Party Advisory
  • github.com https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c
    Patch
  • github.com https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html
    Mailing ListThird Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20231208-0016/
    Third Party Advisory
  • debian.org https://www.debian.org/security/2023/dsa-5530
    Mailing ListThird Party Advisory

Remediation

  • github.com https://github.com/advisories/GHSA-c6qg-cjj8-47qp
    PatchThird Party Advisory
  • github.com https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c
    Patch
  • github.com https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff
    Patch