CVE-2023-27530: 
Ruby vulnerability analysis and mitigation

A Denial of Service (DoS) vulnerability was identified in Rack versions <3.0.4.2, <2.2.6.3, <2.1.4.3, and <2.0.9.3, specifically within the Multipart MIME parsing code. The vulnerability was discovered on March 2, 2023, and was assigned the identifier CVE-2023-27530 (Ruby Rails Discussion).

The vulnerability exists in the Multipart MIME parsing code where Rack limits the number of file parts but does not limit the total number of parts that can be uploaded. This oversight allows carefully crafted requests to cause multipart parsing to take longer than expected, potentially leading to a denial of service condition. The vulnerability has received a CVSS score of 7.5 (HIGH) with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NetApp Security).

When successfully exploited, this vulnerability could lead to Denial of Service (DoS) conditions, potentially affecting the availability of services running on affected Rack versions (NetApp Security).

The vulnerability has been fixed in Rack versions 3.0.4.2, 2.2.6.3, 2.1.4.3, and 2.0.9.3. As a workaround, administrators can configure a proxy to limit the POST body size to mitigate this issue. Patches have been provided for different release series for users who cannot upgrade immediately (Ruby Rails Discussion).