Количество 14
Количество 14
CVE-2025-61919
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).
CVE-2025-61919
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).
CVE-2025-61919
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).
CVE-2025-61919
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, ...
GHSA-6xw4-3v39-52mm
Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
BDU:2025-13874
Уязвимость класса Rack::Request#POST модульного интерфейса между веб-серверами и веб-приложениями Rack, позволяющая нарушителю вызвать отказ в обслуживании
openSUSE-SU-2026:20025-1
Security update for hawk2
SUSE-SU-2025:4273-1
Security update for rubygem-rack
ELSA-2025-21036
ELSA-2025-21036: pcs security update (IMPORTANT)
ELSA-2025-20962
ELSA-2025-20962: pcs security update (IMPORTANT)
ELSA-2025-19719
ELSA-2025-19719: pcs security update (IMPORTANT)
ELSA-2025-19513
ELSA-2025-19513: pcs security update (IMPORTANT)
ELSA-2025-19512
ELSA-2025-19512: pcs security update (IMPORTANT)
ROS-20251106-03
Множественные уязвимости rubygem-rack
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-61919 Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`). | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-61919 Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`). | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-61919 Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`). | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
| CVE-2025-61919 Rack is a modular Ruby web server interface. Prior to versions 2.2.20, ... | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
| GHSA-6xw4-3v39-52mm Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
 | BDU:2025-13874 Уязвимость класса Rack::Request#POST модульного интерфейса между веб-серверами и веб-приложениями Rack, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
 | openSUSE-SU-2026:20025-1 Security update for hawk2 | 3 месяца назад | ||
| SUSE-SU-2025:4273-1 Security update for rubygem-rack | 4 месяца назад | ||
| ELSA-2025-21036 ELSA-2025-21036: pcs security update (IMPORTANT) | 4 месяца назад | ||
| ELSA-2025-20962 ELSA-2025-20962: pcs security update (IMPORTANT) | 4 месяца назад | ||
| ELSA-2025-19719 ELSA-2025-19719: pcs security update (IMPORTANT) | 5 месяцев назад | ||
| ELSA-2025-19513 ELSA-2025-19513: pcs security update (IMPORTANT) | 5 месяцев назад | ||
| ELSA-2025-19512 ELSA-2025-19512: pcs security update (IMPORTANT) | 5 месяцев назад | ||
 | ROS-20251106-03 Множественные уязвимости rubygem-rack | CVSS3: 7.5 | 5 месяцев назад |
Уязвимостей на страницу