ALAS2-2024-2492 --- pcsID: oval:org.secpod.oval:def:1702209 | Date: (C)2024-03-20 (M)2024-04-29 |
Class: PATCH | Family: unix |
A Denial of Service vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service vulnerability. A Denial of Service vulnerability was found in rubygem-rack in how it parses Range Header. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. A Denial of Service vulnerability was found in rubygem-rack in how it parses Rack Header. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted