Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/44670?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44670?format=api", "vulnerability_id": "VCID-bqpn-m2fh-9kab", "summary": "Possible Denial of Service Vulnerability in Rack’s header parsing\nThere is a denial of service vulnerability in the header parsing component of Rack. Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted. Workarounds Setting `Regexp.timeout` in Ruby 3.2 is a possible workaround.", "aliases": [ { "alias": "CVE-2023-27539" }, { "alias": "GHSA-c6qg-cjj8-47qp" }, { "alias": "GMS-2023-769" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64317?format=api", "purl": "pkg:gem/rack@2.2.6.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/64318?format=api", "purl": "pkg:gem/rack@3.0.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.6.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57019?format=api", "purl": "pkg:gem/rack@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ra1-pgt2-3ubf" }, { "vulnerability": "VCID-bqpn-m2fh-9kab" }, { "vulnerability": "VCID-ebb6-b5tx-5bhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/64279?format=api", "purl": "pkg:gem/rack@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-52qe-dast-tkhu" }, { "vulnerability": "VCID-bqpn-m2fh-9kab" }, { "vulnerability": "VCID-heu4-cd3d-73ck" }, { "vulnerability": "VCID-yq3g-ykeu-pfbp" }, { "vulnerability": "VCID-zqax-g5xz-wuch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0" } ], "references": [ { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27539", "reference_id": "CVE-2023-27539", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27539" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml", "reference_id": "CVE-2023-27539.YML", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml" }, { "reference_url": "https://github.com/advisories/GHSA-c6qg-cjj8-47qp", "reference_id": "GHSA-c6qg-cjj8-47qp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c6qg-cjj8-47qp" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bqpn-m2fh-9kab" }