{}

{}

{}

{"affected_release": [{"advisory": "RHSA-2023:3082", "cpe": "cpe:/a:redhat:enterprise_linux:8::highavailability", "package": "pcs-0:0.10.15-4.el8_8.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:1961", "cpe": "cpe:/a:redhat:rhel_eus:8.4::highavailability", "package": "pcs-0:0.10.8-1.el8_4.4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2023-04-25T00:00:00Z"}, {"advisory": "RHSA-2023:3403", "cpe": "cpe:/a:redhat:rhel_eus:8.6::highavailability", "package": "pcs-0:0.10.12-6.el8_6.4", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-05-31T00:00:00Z"}, {"advisory": "RHSA-2023:2652", "cpe": "cpe:/a:redhat:enterprise_linux:9::highavailability", "package": "pcs-0:0.11.4-7.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}, {"advisory": "RHSA-2023:1981", "cpe": "cpe:/a:redhat:rhel_eus:9.0::highavailability", "package": "pcs-0:0.11.1-10.el9_0.4", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-04-25T00:00:00Z"}, {"advisory": "RHSA-2023:6818", "cpe": "cpe:/a:redhat:satellite:6.14::el8", "package": "rubygem-rack-0:2.2.7-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2023-11-08T00:00:00Z"}, {"advisory": "RHSA-2023:6818", "cpe": "cpe:/a:redhat:satellite_capsule:6.14::el8", "package": "rubygem-rack-0:2.2.7-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2023-11-08T00:00:00Z"}, {"advisory": "RHSA-2023:1953", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/fluentd-rhel8:v1.14.6-113", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2023-04-26T00:00:00Z"}, {"advisory": "RHSA-2023:3495", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/fluentd-rhel8:v1.14.6-140", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2023-06-12T00:00:00Z"}], "bugzilla": {"description": "rubygem-rack: denial of service in header parsing", "id": "2179649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179649"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-1333", "details": ["A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Setting Regexp.timeout in Ruby 3.2 is a possible workaround."}, "name": "CVE-2023-27539", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp-backend-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Will not fix", "package_name": "3scale-amp-zync-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "rubygem-rack", "product_name": "Red Hat Storage 3"}], "public_date": "2023-03-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-27539\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-27539\nhttps://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466\nhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml\nhttps://rubysec.com/advisories/CVE-2023-27539/"], "threat_severity": "Moderate", "upstream_fix": "rubygem-rack 2.2.6.4, rubygem-rack 3.0.6.1"}