Package | ruby-rack |
---|---|
Version | 1.6.4-4+deb9u5 (stretch) |
Related CVEs | CVE-2023-27539 |
It was found that carefully crafted input can cause header parsing in Rack, a modular Ruby webserver interface, to take an unexpected amount of time, creating a possible denial of service attack vector. Any application that parses headers using Rack (virtually all Rails applications) is impacted.
For Debian 9 stretch, this problem has been fixed in version 1.6.4-4+deb9u5.
We recommend that you upgrade your ruby-rack packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.