CVE-2024-26146 (rack): Possible Denial of Service Vulnerability in Rack Header Parsing

Ruby Security Advisory

There is a possible denial of service vulnerability in the header parsing
routines in Rack. This vulnerability has been assigned the CVE identifier
CVE-2024-26146.

Versions Affected: All.

Not affected: None.

Fixed Versions:,,,

# Impact

Carefully crafted headers can cause header parsing in Rack to take longer than
expected, resulting in a possible denial of service issue. `Accept` and
`Forwarded` headers are impacted.

Ruby 3.2 has mitigations for this problem, so Rack applications using
Ruby 3.2 or newer are unaffected.

# Releases

The fixed releases are available at the normal locations.
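
A triage check based on the statement above that Ruby 3.2 or newer is unaffected, as an added example that is not part of the advisory or of Rack: it reads a `Gemfile.lock` and classifies the deployment. The function names, the sample lockfile and the `fixed_versions` parameter are assumptions; the fixed releases are not listed on this page, so the caller supplies them from the upstream advisory.

```ruby
require "rubygems" # Gem::Version

# From the advisory: applications on Ruby 3.2 or newer are unaffected.
MITIGATED_RUBY = Gem::Version.new("3.2")

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    rack (2.2.8)
    rack-protection (3.0.6)
      rack

RUBY VERSION
   ruby 3.1.4p223
LOCK

# Extract the resolved rack version and the RUBY VERSION entry, if present.
def lock_versions(lock_text)
  rack = lock_text[/^ {4}rack \(([^)\s]+)\)\s*$/, 1]
  ruby = lock_text[/^RUBY VERSION\s*\n\s+ruby (\d+(?:\.\d+)+)/, 1]
  { rack: rack && Gem::Version.new(rack), ruby: ruby && Gem::Version.new(ruby) }
end

# fixed_versions: fixed releases copied from the upstream advisory by the
# caller (assumption: this page's own list is empty, so none are built in).
def triage(lock_text, fixed_versions: [])
  v = lock_versions(lock_text)
  return :rack_not_present if v[:rack].nil?
  return :unaffected_ruby if v[:ruby] && v[:ruby] >= MITIGATED_RUBY

  fixed = fixed_versions.map { |f| Gem::Version.new(f) }
  line = v[:rack].segments.first(2)
  # Patched when at or above the fixed release of the same major.minor line.
  return :fixed_rack if fixed.any? { |f| f.segments.first(2) == line && v[:rack] >= f }
  # Assumption: release lines newer than every listed fix already contain it.
  return :fixed_rack if fixed.any? && (line <=> fixed.map { |f| f.segments.first(2) }.max) == 1

  # Without a RUBY VERSION entry the runtime must be checked separately.
  v[:ruby] ? :affected : :affected_unless_ruby_3_2
end

puts triage(SAMPLE_LOCK) if $PROGRAM_NAME == __FILE__
```

The lockfile records the Ruby version Bundler resolved with, which can differ from the interpreter actually running in production, so confirm `RUBY_VERSION` on the host as well.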

# Workarounds

There are no feasible workarounds for this issue.