GMS-2022-1643: Duplicate of ./gem/rack/CVE-2022-30122.yml

May 27, 2022

Carefully crafted multipart POST requests can cause Rack’s multipart parser to take much longer than expected, leading to a possible denial of service vulnerability. Impacted code will use Rack’s multipart parser to parse multipart posts.

References

github.com/advisories/GHSA-hxqx-xwvh-44m2
github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml
groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Detect and mitigate GMS-2022-1643 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →