An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE

Rack has possible DoS Vulnerability in Multipart MIME parsing

There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530.

Versions Affected: All. Not affected: None Fixed Versions:,,,


The Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected.

All users running an affected release should either upgrade or use one of the workarounds immediately.


A proxy can be configured to limit the POST body size which will mitigate this issue.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 3 months ago
Updated: about 2 months ago

CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-3h57-hmj3-gj3p, CVE-2023-27530

Affected Packages

Versions: >= 3.0.0, <, >= 2.2.0, <, >= 2.1.0, <, <
Fixed in:,,,