VDB
GCVE-110-MAGEIA-2025-334
GCVE-110-MAGEIA-2025-334
Advisory Published
Unbounded-Parameter DoS in Rack::QueryParser. (CVE-2025-46727)
ReDoS Vulnerability in Rack::Multipart handle_mime_head.
(CVE-2025-49007)
Rack QueryParser has an unsafe default allowing params_limit bypass via
semicolon-separated parameters. (CVE-2025-59830)
Rack's unbounded multipart preamble buffering enables DoS (memory
exhaustion). (CVE-2025-61770)
Rack's multipart parser buffers large non‑file fields entirely in
memory, enabling DoS (memory exhaustion). (CVE-2025-61771)
Rack's multipart parser buffers unbounded per-part headers, enabling DoS
(memory exhaustion). (CVE-2025-61772)
Rack is vulnerable to a memory-exhaustion DoS through unbounded
URL-encoded body parsing. (CVE-2025-61919)
Rack has Possible Information Disclosure Vulnerability. (CVE-2025-61780)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | ruby-rack | 0 (affected), 2.2.21-1.mga9 (unaffected) | — |
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.