Количество 11
Количество 11
CVE-2025-61919
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).
CVE-2025-61919
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).
CVE-2025-61919
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, ...
GHSA-6xw4-3v39-52mm
Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
BDU:2025-13874
Уязвимость класса Rack::Request#POST модульного интерфейса между веб-серверами и веб-приложениями Rack, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2025:4273-1
Security update for rubygem-rack
ROS-20251106-03
Множественные уязвимости rubygem-rack
ELSA-2025-20962
ELSA-2025-20962: pcs security update (IMPORTANT)
ELSA-2025-19719
ELSA-2025-19719: pcs security update (IMPORTANT)
ELSA-2025-19513
ELSA-2025-19513: pcs security update (IMPORTANT)
ELSA-2025-19512
ELSA-2025-19512: pcs security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-61919 Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`). | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
 | CVE-2025-61919 Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. Users should upgrade to Rack version 2.2.20, 3.1.18, or 3.2.3, anu of which enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies. Additionally, enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`). | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-61919 Rack is a modular Ruby web server interface. Prior to versions 2.2.20, ... | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
| GHSA-6xw4-3v39-52mm Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
 | BDU:2025-13874 Уязвимость класса Rack::Request#POST модульного интерфейса между веб-серверами и веб-приложениями Rack, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
 | SUSE-SU-2025:4273-1 Security update for rubygem-rack | 4 дня назад | ||
 | ROS-20251106-03 Множественные уязвимости rubygem-rack | CVSS3: 7.5 | 25 дней назад | |
| ELSA-2025-20962 ELSA-2025-20962: pcs security update (IMPORTANT) | 6 дней назад | ||
| ELSA-2025-19719 ELSA-2025-19719: pcs security update (IMPORTANT) | 25 дней назад | ||
| ELSA-2025-19513 ELSA-2025-19513: pcs security update (IMPORTANT) | 24 дня назад | ||
| ELSA-2025-19512 ELSA-2025-19512: pcs security update (IMPORTANT) | 28 дней назад |
Уязвимостей на страницу