Aaron Patterson reports:

- CVE-2022-44570

  Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.

- CVE-2022-44571

  Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

- CVE-2022-44572

  Carefully crafted input can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.