Description
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
A flaw was found in the way Rack processed the parameters of incoming requests. An attacker could use this flaw to send a crafted request that would cause an application using Rack to crash.
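The flaw described above is a recursion-depth problem: the nested-parameter parser recurses once per bracket level of a key such as `a[b][c]`, so a request whose keys nest deeply enough exhausts the Ruby stack (the SystemStackError named in the description). The following Ruby code is an added example, not Rack's own code and not the fix shipped in Rack 1.5.4/1.6.2: it measures the bracket depth of every key in a query string and rejects the request before any recursive parsing takes place. `ParamDepthGuard`, `check_param_depth`, `param_key_depth`, `MAX_PARAM_DEPTH`, and the sample query strings are all constructed for this example, and the depth counting approximates Rack's bracket handling rather than reproducing it.

```ruby
# Added example: bound the nesting depth of bracketed parameter keys
# before they reach a recursive nested-params parser.
require 'uri'

# Maximum bracket nesting allowed per key. This value is constructed for
# the example; patched Rack exposes a comparable, configurable limit as
# Rack::Utils.param_depth_limit.
MAX_PARAM_DEPTH = 32

# Approximate nesting depth of one decoded key: each "[...]" group adds a
# level. "a" -> 0, "a[b]" -> 1, "a[b][c]" -> 2, "a[][b]" -> 2 (empty
# brackets denote an array slot and still nest).
def param_key_depth(key)
  key.scan(/\[[^\[\]]*\]/).size
end

# Decode one percent-encoded key; a malformed encoding is kept verbatim so
# the depth check still runs on it instead of raising.
def decode_key(raw_key)
  URI.decode_www_form_component(raw_key)
rescue ArgumentError
  raw_key
end

# Scan every key of a query string. Returns [:ok, nil, nil] when all keys
# are within the limit, or [:reject, key, depth] for the first key that
# exceeds it. No nested structure is built here, so the check itself runs
# in linear time and constant stack depth regardless of the input.
def check_param_depth(query_string, limit = MAX_PARAM_DEPTH)
  query_string.split('&').reject(&:empty?).each do |pair|
    key = decode_key(pair.split('=', 2).first)
    depth = param_key_depth(key)
    return [:reject, key, depth] if depth > limit
  end
  [:ok, nil, nil]
end

# Rack-style middleware (plain Ruby, no rack gem needed to run this file).
# It answers 400 before the downstream app ever parses the parameters.
class ParamDepthGuard
  def initialize(app, limit: MAX_PARAM_DEPTH)
    @app = app
    @limit = limit
  end

  def call(env)
    verdict, key, depth = check_param_depth(env['QUERY_STRING'].to_s, @limit)
    if verdict == :reject
      body = "parameter key nests #{depth} levels (limit #{@limit}): #{key[0, 40]}...\n"
      return [400, { 'Content-Type' => 'text/plain' }, [body]]
    end
    @app.call(env)
  end
end

# Constructed sample requests: an ordinary form-style query and a key
# nested 200 levels deep, far beyond the limit.
SAMPLE_OK   = 'user[name]=alice&user[roles][]=admin'
SAMPLE_DEEP = 'x' + '[a]' * 200 + '=1'

if __FILE__ == $PROGRAM_NAME
  app = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] }
  guard = ParamDepthGuard.new(app)
  puts guard.call('QUERY_STRING' => SAMPLE_OK).first    # 200
  puts guard.call('QUERY_STRING' => SAMPLE_DEEP).first  # 400
end
```

The guard above only inspects the query string; a form-encoded request body goes through the same nested-params parser, so a production middleware would apply `check_param_depth` to the body as well (reading it with a size cap) before passing the request on.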
Affected packages
| Platform | Package | Status | Advisory | Release date |
|---|---|---|---|---|
| CloudForms Management Engine 5 | ruby193-rubygem-rack | Will not fix | | |
| OpenStack Foreman | rubygem-rack | Will not fix | | |
| Red Hat Enterprise MRG 2 | rubygem-rack | Will not fix | | |
| Red Hat OpenShift Enterprise 2 | rubygem-rack | Will not fix | | |
| Red Hat Software Collections | rh-ror41-rubygem-rack | Will not fix | | |
| Red Hat Software Collections | ror40-rubygem-rack | Will not fix | | |
| Red Hat Software Collections | ruby193-rubygem-rack | Will not fix | | |
| Red Hat Subscription Asset Manager | rubygem-rack | Will not fix | | |
| Red Hat Enterprise Linux 7 | pcs | Fixed | RHSA-2015:2290 | 19.11.2015 |
| Red Hat Satellite 6.3 for RHEL 7 | createrepo_c | Fixed | RHBA-2018:0337 | 21.02.2018 |
Additional information
CVSS2: 4.3 Medium