CVE-2022-44572
CVE-2022-44572 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A denial of service vulnerability in the multipart parsing component of Rack, fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1, could allow an attacker to craft input that causes RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. EPSS estimates a 1.62% chance of exploitation in the next 30 days.
Description
A denial of service vulnerability in the multipart parsing component of Rack, fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1, could allow an attacker to craft input that causes RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rack | Rack | < 2.0.9.2 |
| Rack | Rack | >= 2.1.0, < 2.1.4.2 |
| Rack | Rack | >= 2.2.0, < 2.2.4.1 |
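A quick way to tell whether a locked Rack version falls inside the affected ranges above, as an added example that is not the advisory's or Rack's own code. It assumes a standard Bundler Gemfile.lock layout and uses the four fixed versions named in the description, treating every release below 2.0.9.2 (including 1.x) as affected.

```ruby
require "rubygems"

# Fixed versions taken from the advisory text; any Rack release on the
# same release branch (2.0.x, 2.1.x, 2.2.x, 3.0.x) older than its fix is affected.
FIXED_VERSIONS = %w[2.0.9.2 2.1.4.2 2.2.4.1 3.0.0.1].map { |v| Gem::Version.new(v) }

# Return the fixed version for the branch that `version` belongs to,
# or nil when the advisory lists no fix for that branch (e.g. 3.1.x).
def fix_for(version)
  branch = version.segments.first(2)
  FIXED_VERSIONS.find { |f| f.segments.first(2) == branch }
end

# True when the given Rack version string is affected by CVE-2022-44572.
def rack_affected?(version_string)
  v = Gem::Version.new(version_string)
  return true if v < Gem::Version.new("2.0") # everything below 2.0.9.2 is affected
  fix = fix_for(v)
  return false if fix.nil?                   # branch newer than those in the advisory
  v < fix
end

# Pull the locked rack version out of a Gemfile.lock specs section.
# Assumes Bundler's usual "    rack (x.y.z)" line (4-space indent, exact gem name).
def locked_rack_version(lockfile_text)
  m = lockfile_text.match(/^\s{4}rack \(([^)]+)\)$/)
  m && m[1]
end

# Constructed sample lockfile excerpt (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.2.4)
      rack-test (2.0.2)
        rack (>= 1.3)
LOCK

if __FILE__ == $0
  v = locked_rack_version(SAMPLE_LOCK)
  puts "rack #{v}: #{rack_affected?(v) ? 'AFFECTED' : 'not affected'}"
end
```

Point `locked_rack_version` at the real Gemfile.lock contents to check a deployed application; a nil result means no top-level rack entry was found and the lockfile should be inspected by hand.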
References
- https://hackerone.com/reports/1639882 (Permissions Required, Third Party Advisory)
Source: NVD / NIST
