Количество 12
Количество 12
CVE-2025-61919
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).
CVE-2025-61919
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).
CVE-2025-61919
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, ...
GHSA-6xw4-3v39-52mm
Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
BDU:2025-13874
Уязвимость класса Rack::Request#POST модульного интерфейса между веб-серверами и веб-приложениями Rack, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2025:4273-1
Security update for rubygem-rack
ELSA-2025-21036
ELSA-2025-21036: pcs security update (IMPORTANT)
ELSA-2025-20962
ELSA-2025-20962: pcs security update (IMPORTANT)
ELSA-2025-19719
ELSA-2025-19719: pcs security update (IMPORTANT)
ELSA-2025-19513
ELSA-2025-19513: pcs security update (IMPORTANT)
ELSA-2025-19512
ELSA-2025-19512: pcs security update (IMPORTANT)
ROS-20251106-03
Множественные уязвимости rubygem-rack
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-61919 Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`). | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
 | CVE-2025-61919 Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`). | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
| CVE-2025-61919 Rack is a modular Ruby web server interface. Prior to versions 2.2.20, ... | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
| GHSA-6xw4-3v39-52mm Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
 | BDU:2025-13874 Уязвимость класса Rack::Request#POST модульного интерфейса между веб-серверами и веб-приложениями Rack, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
 | SUSE-SU-2025:4273-1 Security update for rubygem-rack | около 2 месяцев назад | ||
| ELSA-2025-21036 ELSA-2025-21036: pcs security update (IMPORTANT) | около 2 месяцев назад | ||
| ELSA-2025-20962 ELSA-2025-20962: pcs security update (IMPORTANT) | около 2 месяцев назад | ||
| ELSA-2025-19719 ELSA-2025-19719: pcs security update (IMPORTANT) | 2 месяца назад | ||
| ELSA-2025-19513 ELSA-2025-19513: pcs security update (IMPORTANT) | 2 месяца назад | ||
| ELSA-2025-19512 ELSA-2025-19512: pcs security update (IMPORTANT) | 2 месяца назад | ||
 | ROS-20251106-03 Множественные уязвимости rubygem-rack | CVSS3: 7.5 | 2 месяца назад |
Уязвимостей на страницу