CNNVD-202510-1051 Information

CNNVD ID

CNNVD-202510-1051

CVE-2025-61771

  • CNNVD Published: 2025-10-07

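Description (translated from Chinese)

Rack is a modular Ruby web server interface, open-sourced by Rack. Rack versions before 2.2.19, before 3.1.17 and before 3.2.2 contain a resource management error vulnerability. It arises because Rack::Multipart::Parser stores non-file form fields entirely in memory, which can lead to memory exhaustion and denial-of-service attacks.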

Description (English)

Rack is a modular Ruby web server interface, open-sourced by Rack. A resource management error vulnerability exists in Rack versions before 2.2.19, before 3.1.17 and before 3.2.2: Rack::Multipart::Parser stores non-file form fields entirely in memory, which can lead to memory exhaustion and denial-of-service attacks.

Hazard Level

Medium

Vulnerability Type

Resource management error

Affected Vendor

Rack

Published

2025-10-07

Last Modified

2026-02-24

References

  • https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
  • https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
  • https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
  • https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
  • https://vigilance.fr/vulnerability/Rack-five-vulnerabilities-dated-03-11-2025-48633
