VYPR
Low severityNVD Advisory· Published Feb 9, 2023· Updated Aug 3, 2024

CVE-2022-44571

CVE-2022-44571

Description

There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
rackRubyGems
>= 2.0.0, < 2.0.9.22.0.9.2
rackRubyGems
>= 2.1.0, < 2.1.4.22.1.4.2
rackRubyGems
>= 2.2.0, < 2.2.6.12.2.6.1
rackRubyGems
>= 3.0.0.0, < 3.0.4.13.0.4.1

Affected products

13

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.