Posted on March 6

FreeBSD: VID-2FDB053C-CA25-11ED-9D7E-080027F5FEC9 (CVE-2023-27539): rack -- possible denial of service vulnerability in header parsing

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/13/2023
Created: 03/27/2023
Added: 03/24/2023
Modified: 03/24/2023

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-2FDB053C-CA25-11ED-9D7E-080027F5FEC9:

ooooooo_q reports:

Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted.

Solution(s)

freebsd-upgrade-package-rubygem-rack
freebsd-upgrade-package-rubygem-rack16
freebsd-upgrade-package-rubygem-rack22

References

CVE-2023-27539