Candidate: CVE-2018-16470
PublicDate: 2018-11-13 23:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16470
Description:
 There is a possible DoS vulnerability in the multipart parser in Rack
 before 2.0.6. Specially crafted requests can cause the multipart parser to
 enter a pathological state, causing the parser to use CPU resources
 disproportionate to the request size.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_ruby-rack:
upstream_ruby-rack: not-affected (debian: Only affects >= 2.0.4)
precise/esm_ruby-rack: DNE
trusty_ruby-rack: ignored (out of standard support)
trusty/esm_ruby-rack: not-affected (code not present)
xenial_ruby-rack: not-affected (code not present)
bionic_ruby-rack: not-affected (code not present)
cosmic_ruby-rack: ignored (reached end-of-life)
disco_ruby-rack: not-affected (2.0.6-1)
devel_ruby-rack: not-affected (2.0.6-1)