5

CVE-2015-3225

lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.

Data is provided by the National Vulnerability Database (NVD)
Rack ProjectRack Version <= 1.5.3
Rack ProjectRack Version1.6.0
Rack ProjectRack Version1.6.1
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 14.08% 0.941
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
http://openwall.com/lists/oss-security/2015/06/16/14
Third Party Advisory
Mailing List
https://github.com/rack/rack/blob/master/HISTORY.md
Patch
Vendor Advisory
Issue Tracking