Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rack: Denial of Service via Unbounded Multipart File Upload Without Content-Length
Vulnerability Description
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENT_LENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfer encoding, multipart parsing continues until end-of-stream with no total size limit. For file parts, the uploaded body is written directly to a temporary file on disk rather than being constrained by the buffered in-memory upload limit. An unauthenticated attacker can therefore stream an arbitrarily large multipart file upload and consume unbounded disk space. This results in a denial of service condition for Rack applications that accept multipart form data. This issue has been patched in versions 2.2.23, 3.1.21, and 3.2.6.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Rack 安全漏洞
Vulnerability Description
Rack是Rack开源的一个模块化的Ruby web服务器界面。 Rack 2.2.23之前版本、3.1.21之前版本和3.2.6之前版本存在安全漏洞,该漏洞源于Rack::Multipart::Parser在处理缺少Content-Length标头的多部分请求时无总大小限制,可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A