Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-49007

Опубликовано: 04 июн. 2025
Источник: nvd
CVSS3: 5.3
EPSS Низкий

Описание

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Version 3.1.16 contains a patch for the vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*
Версия от 3.1.0 (включая) до 3.1.16 (исключая)

EPSS

Процентиль: 37%
0.00155
Низкий

5.3 Medium

CVSS3

Дефекты

CWE-770
CWE-1333

Связанные уязвимости

ubuntu логотип

CVE-2025-49007

CVSS3: 5.3
ubuntu
7 месяцев назад

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Version 3.1.16 contains a patch for the vulnerability.

redhat логотип

CVE-2025-49007

CVSS3: 7.5
redhat
7 месяцев назад

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Version 3.1.16 contains a patch for the vulnerability.

debian логотип

CVE-2025-49007

CVSS3: 5.3
debian
7 месяцев назад

Rack is a modular Ruby web server interface. Starting in version 3.1.0 ...

github логотип

GHSA-47m2-26rw-j2jw

github
7 месяцев назад

ReDoS Vulnerability in Rack::Multipart handle_mime_head

fstec логотип

BDU:2025-12287

CVSS3: 7.5
fstec
7 месяцев назад

Уязвимость компонента parsing модульного интерфейса между веб-серверами и веб-приложениями Rack, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 37%
0.00155
Низкий

5.3 Medium

CVSS3

Дефекты

CWE-770
CWE-1333