CNNVD-202510-1412 Information
CNNVD ID
CNNVD-202510-1412
Related CVE
- CNNVD Published: 2025-10-10
Description (Chinese)
Rack is a modular Ruby web server interface, an open-source project from Rack. Rack versions before 2.2.20, before 3.1.18 and before 3.2.3 contain a resource management error vulnerability. The vulnerability stems from Rack::Request POST handling not limiting the request body size when processing the application/x-www-form-urlencoded content type, which can lead to a memory-exhaustion denial-of-service attack.
Description (English)
Rack is a modular Ruby web server interface from the Rack open-source project. Rack before 2.2.20, before 3.1.18 and before 3.2.3 contains a resource management error vulnerability: Rack::Request POST parsing did not limit the size of the request body when handling the application/x-www-form-urlencoded content type, which could lead to a memory-exhaustion denial-of-service attack.
Hazard Level
Medium
Vulnerability Type
Resource Management Error
Affected Vendor
Rack
Published
2025-10-10
Last Modified
2026-02-24
References
https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f
https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881
https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db
https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm
https://vigilance.fr/vulnerability/Rack-five-vulnerabilities-dated-03-11-2025-48633
Patch
https://github.com/rack/rack/releases