Логотип exploitDog
bind:CVE-2025-46727
Консоль
Логотип exploitDog

exploitDog

bind:CVE-2025-46727

Количество 16

Количество 16

ubuntu логотип

CVE-2025-46727

3 месяца назад

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters. The vulnerability arises because `Rack::QueryParser` iterates over each `&`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing. An attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted. Versions 2.2.14, 3.0.16, and 3.1.14 fix...

CVSS3: 7.5
EPSS: Низкий
redhat логотип

CVE-2025-46727

3 месяца назад

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters. The vulnerability arises because `Rack::QueryParser` iterates over each `&`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing. An attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted. Versions 2.2.14, 3.0.16, and 3.1.14 fix...

CVSS3: 7.5
EPSS: Низкий
nvd логотип

CVE-2025-46727

3 месяца назад

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters. The vulnerability arises because `Rack::QueryParser` iterates over each `&`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing. An attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted. Versions 2.2.14, 3.0.16, and 3.1.14 fix th

CVSS3: 7.5
EPSS: Низкий
debian логотип

CVE-2025-46727

3 месяца назад

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, ...

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-gjh7-p2fx-99vx

3 месяца назад

Rack has an Unbounded-Parameter DoS in Rack::QueryParser

CVSS3: 7.5
EPSS: Низкий
oracle-oval логотип

ELSA-2025-8319

около 1 месяца назад

ELSA-2025-8319: pcs security update (IMPORTANT)

EPSS: Низкий
oracle-oval логотип

ELSA-2025-8256

2 месяца назад

ELSA-2025-8256: pcs security update (IMPORTANT)

EPSS: Низкий
fstec логотип

BDU:2025-07426

3 месяца назад

Уязвимость интерфейса модуля Rack интерпретатора языка программирования Ruby, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 7.5
EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:02564-1

7 дней назад

Security update for rmt-server

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:02429-1

17 дней назад

Security update for rmt-server

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:02330-1

22 дня назад

Security update for rmt-server

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:02329-1

22 дня назад

Security update for rmt-server

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:01586-2

2 месяца назад

Security update for rubygem-rack

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2025:01586-1

3 месяца назад

Security update for rubygem-rack

EPSS: Низкий
oracle-oval логотип

ELSA-2025-8254

2 месяца назад

ELSA-2025-8254: pcs security update (IMPORTANT)

EPSS: Низкий
redos логотип

ROS-20250619-01

около 2 месяцев назад

Множественные уязвимости rubygem-rack

CVSS3: 7.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2025-46727

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters. The vulnerability arises because `Rack::QueryParser` iterates over each `&`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing. An attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted. Versions 2.2.14, 3.0.16, and 3.1.14 fix...

CVSS3: 7.5
0%
Низкий
3 месяца назад
redhat логотип
CVE-2025-46727

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters. The vulnerability arises because `Rack::QueryParser` iterates over each `&`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing. An attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted. Versions 2.2.14, 3.0.16, and 3.1.14 fix...

CVSS3: 7.5
0%
Низкий
3 месяца назад
nvd логотип
CVE-2025-46727

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters. The vulnerability arises because `Rack::QueryParser` iterates over each `&`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing. An attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted. Versions 2.2.14, 3.0.16, and 3.1.14 fix th

CVSS3: 7.5
0%
Низкий
3 месяца назад
debian логотип
CVE-2025-46727

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, ...

CVSS3: 7.5
0%
Низкий
3 месяца назад
github логотип
GHSA-gjh7-p2fx-99vx

Rack has an Unbounded-Parameter DoS in Rack::QueryParser

CVSS3: 7.5
0%
Низкий
3 месяца назад
oracle-oval логотип
ELSA-2025-8319

ELSA-2025-8319: pcs security update (IMPORTANT)

около 1 месяца назад
oracle-oval логотип
ELSA-2025-8256

ELSA-2025-8256: pcs security update (IMPORTANT)

2 месяца назад
fstec логотип
BDU:2025-07426

Уязвимость интерфейса модуля Rack интерпретатора языка программирования Ruby, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 7.5
0%
Низкий
3 месяца назад
suse-cvrf логотип
SUSE-SU-2025:02564-1

Security update for rmt-server

7 дней назад
suse-cvrf логотип
SUSE-SU-2025:02429-1

Security update for rmt-server

17 дней назад
suse-cvrf логотип
SUSE-SU-2025:02330-1

Security update for rmt-server

22 дня назад
suse-cvrf логотип
SUSE-SU-2025:02329-1

Security update for rmt-server

22 дня назад
suse-cvrf логотип
SUSE-SU-2025:01586-2

Security update for rubygem-rack

2 месяца назад
suse-cvrf логотип
SUSE-SU-2025:01586-1

Security update for rubygem-rack

3 месяца назад
oracle-oval логотип
ELSA-2025-8254

ELSA-2025-8254: pcs security update (IMPORTANT)

2 месяца назад
redos логотип
ROS-20250619-01

Множественные уязвимости rubygem-rack

CVSS3: 7.5
около 2 месяцев назад

Уязвимостей на страницу