CVE-2015-3225
published 2015-07-26

Priority: P4 | 28 | medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
EPSS: 7.78% (93.9th percentile)
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.

Affected (11 ranges)

Vendor       | Product      | Version range                   | Fixed in
debian       | debian_linux |                                 |
debian       | debian_linux |                                 |
debian       | ruby-rack    | < ruby-rack 1.5.2-4 (bookworm)  | ruby-rack 1.5.2-4 (bookworm)
opensuse     | opensuse     |                                 |
opensuse     | opensuse     |                                 |
rack         | rack         | >= 1.4.0, < 1.4.6               | 1.4.6
rack         | rack         | >= 1.5.0, < 1.5.4               | 1.5.4
rack         | rack         | >= 1.6.0, < 1.6.2               | 1.6.2
rack_project | rack         | <= 1.5.3                        |
rack_project | rack         |                                 |
rack_project | rack         |                                 |

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | v2.0    | 5.0   | MEDIUM   | AV:N/AC:L/Au:N/C:N/I:N/A:P
osv           |         | 5.0   | MEDIUM   |
vendor_debian |         | 5.0   | MEDIUM   |
vendor_redhat |         | 5.0   | MEDIUM   |