Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
CVSS Information
N/A
Vulnerability Type
Uncontrolled Resource Consumption (Resource Exhaustion)
Vulnerability Title
Rack multipart parser security vulnerability
Vulnerability Description
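Rack is a Ruby web server interface developed by software developer Christian Neukirchen. It unifies the APIs of web servers, web frameworks and middleware, and supports invoking them through a single method call. The multipart parser is the Rack component that parses multipart/form-data requests. The multipart parser in Rack versions before 2.0.6 has a denial-of-service vulnerability. An attacker can exploit it by sending specially crafted requests to consume a large amount of CPU resources.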
CVSS Information
N/A
Vulnerability Type
N/A