Описание
Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Applications or middleware that directly invoke Rack::QueryParser with its default configuration (no explicit delimiter) could be exposed to increased CPU and memory consumption. This can be abused as a limited denial-of-service vector. This issue has been patched in version 2.2.18.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ruby-rack | fixed | 3.0.8-2 | package | |
| ruby-rack | fixed | 2.2.20-0+deb12u1 | bookworm | package |
Примечания
https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm
Fixed by: https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71 (v2.2.18)
Rack > 3 is not affected as semicolons are not considered parameter separators in Rack 3.
Mark the first version in 3.x series entering unstable as the fixed version.
EPSS
Связанные уязвимости
Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Applications or middleware that directly invoke Rack::QueryParser with its default configuration (no explicit delimiter) could be exposed to increased CPU and memory consumption. This can be abused as a limited denial-of-service vector. This issue has been patched in version 2.2.18.
Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Applications or middleware that directly invoke Rack::QueryParser with its default configuration (no explicit delimiter) could be exposed to increased CPU and memory consumption. This can be abused as a limited denial-of-service vector. This issue has been patched in version 2.2.18.
Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters
Уязвимость функции QueryParser() интерфейса модуля Rack интерпретатора языка программирования Ruby, позволяющая нарушителю вызвать отказ в обслуживании
EPSS