A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service.
Setting Regexp.timeout in Ruby 3.2 is a possible workaround.
bugzilla.redhat.com/show_bug.cgi?id=2179649
discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml
nvd.nist.gov/vuln/detail/CVE-2023-27539
rubysec.com/advisories/CVE-2023-27539/
www.cve.org/CVERecord?id=CVE-2023-27539