GMS-2023-65: Duplicate of ./gem/rack/CVE-2022-44571.yml

January 18, 2023

Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

References

github.com/advisories/GHSA-93pm-5p5f-3ghx
github.com/rack/rack/releases/tag/v3.0.4.1

Code Behaviors & Features

Detect and mitigate GMS-2023-65 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →