There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2018-11-13T23:00:00

Updated: 2024-08-05T10:24:32.612Z

Reserved: 2018-09-04T00:00:00

Link: CVE-2018-16470

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-11-13T23:29:00.263

Modified: 2024-11-21T03:52:49.123

Link: CVE-2018-16470

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-11-06T00:00:00Z

Links: CVE-2018-16470 - Bugzilla