CVE Vulnerabilities

CVE-2023-27539

This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID has been reserved by a CVE Numbering Authority (CNA) or a security researcher, but the details of the vulnerability are not yet publicly available.

This page will reflect the classification results once they are available through NVD.

Any available vendor information is shown below.

Redhat

rubygem-rack: denial of service in header parsing

Mitigation

Setting Regexp.timeout in Ruby 3.2 is a possible workaround.

Affected Software List

| Name | Vendor | Version |
| --- | --- | --- |
| Red Hat Enterprise Linux 8 | RedHat | pcs-0:0.10.15-4.el8_8.1 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | RedHat | pcs-0:0.10.8-1.el8_4.4 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | pcs-0:0.10.12-6.el8_6.4 |
| Red Hat Enterprise Linux 9 | RedHat | pcs-0:0.11.4-7.el9_2 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | pcs-0:0.11.1-10.el9_0.4 |
| Red Hat Satellite 6.14 for RHEL 8 | RedHat | rubygem-rack-0:2.2.7-1.el8sat |
| RHOL-5.6-RHEL-8 | RedHat | openshift-logging/fluentd-rhel8:v1.14.6-113 |
| RHOL-5.7-RHEL-8 | RedHat | openshift-logging/fluentd-rhel8:v1.14.6-140 |

Ubuntu

Possible Denial of Service Vulnerability in Rack’s header parsing

Affected Software List

| Name | Vendor | Version |
| --- | --- | --- |
| Ruby-rack | Ubuntu/trusty | end of standard support |
| Ruby-rack | Ubuntu/lunar | end of life, was needs-triage |
| Ruby-rack | Ubuntu/jammy | 2.1.4-5ubuntu1.1 |
| Ruby-rack | Ubuntu/kinetic | end of life, was needs-triage |
| Ruby-rack | Ubuntu/xenial | end of standard support |
| Ruby-rack | Ubuntu/esm-apps/bionic | 1.6.4-4ubuntu0.2+esm5 |
| Ruby-rack | Ubuntu/trusty/esm | 1.5.2-3+deb8u3ubuntu1~esm7 |
| Ruby-rack | Ubuntu/esm-apps/focal | 2.0.7-2ubuntu0.1+esm4 |
| Ruby-rack | Ubuntu/esm-apps/jammy | 2.1.4-5ubuntu1+esm4 |
| Ruby-rack | Ubuntu/esm-apps/xenial | 1.6.4-3ubuntu0.2+esm5 |
| Ruby-rack | Ubuntu/esm-infra-legacy/trusty | TBD |
| Ruby-rack | Ubuntu/focal | |
| Ruby-rack | Ubuntu/mantic | 2.2.4-3ubuntu0.1 |
| Ruby-rack | Ubuntu/upstream | 2.2.6.4-1 |
| Ruby-rack | Ubuntu/bionic | end of standard support, was needs-triage |