Description


lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.

Related CPE's


a

rack_project

rack

3

o

opensuse

opensuse

2

o

debian

debian_linux

2

Weaknesses



CWE-19

CVSS impact metrics


AV:N/AC:L/Au:N/C:N/I:N/A:P

5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Modified

Published

2015-07-26T22:59:04.070

9 years ago

Last modified

2018-10-30T16:27:35.843

6 years ago