DEBIAN-CVE-2022-44571

DEBIAN-CVE-2022-44571 PUBLISHED CVSS 7.5 HIGH

There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	ruby-rack	0, 0, 0
Debian:11	ruby-rack	2.1.4-3, 0, 2.1.4-3
Debian:12	ruby-rack	0, 0, 0
Debian:13	ruby-rack	0, 0, 0

Timeline

Feb 9, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2022-44571 advisory

Open in Interactive Console →