Description:
Unbounded-Parameter DoS in Rack::QueryParser. (CVE-2025-46727)
ReDoS Vulnerability in Rack::Multipart handle_mime_head.
(CVE-2025-49007)
Rack QueryParser has an unsafe default allowing params_limit bypass via
semicolon-separated parameters. (CVE-2025-59830)
Rack's unbounded multipart preamble buffering enables DoS (memory
exhaustion). (CVE-2025-61770)
Rack's multipart parser buffers large non-file fields entirely in
memory, enabling DoS (memory exhaustion). (CVE-2025-61771)
Rack's multipart parser buffers unbounded per-part headers, enabling DoS
(memory exhaustion). (CVE-2025-61772)
Rack is vulnerable to a memory-exhaustion DoS through unbounded
URL-encoded body parsing. (CVE-2025-61919)
Rack has a possible information disclosure vulnerability. (CVE-2025-61780)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34755
- https://rack.github.io/rack/3.2/CHANGELOG_md.html
- https://www.cve.org/CVERecord?id=CVE-2025-46727
- https://www.cve.org/CVERecord?id=CVE-2025-49007
- https://www.cve.org/CVERecord?id=CVE-2025-59830
- https://www.cve.org/CVERecord?id=CVE-2025-61770
- https://www.cve.org/CVERecord?id=CVE-2025-61771
- https://www.cve.org/CVERecord?id=CVE-2025-61772
- https://www.cve.org/CVERecord?id=CVE-2025-61919
- https://www.cve.org/CVERecord?id=CVE-2025-61780
Updated packages:
- 9/core/ruby-rack-2.2.21-1.mga9