ADVISORIES
- CVE-2012-6109 (NVD)
- GHSA-h77x-m5q8-c29h
- OSVDB-89317
GEM
SEVERITY
CVSS v2.0: 4.3 (Medium)
PATCHED VERSIONS
- ~> 1.1.4
- ~> 1.2.6
- ~> 1.3.7
- >= 1.4.2
DESCRIPTION
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.