Lucene search
K

7 matches found

RedHat Linux
RedHat Linux
added 2025/11/11 7:52 p.m.5 views

rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters

An unsafe default behavior in Rack::QueryParser allows bypass of the paramslimit parameter count restriction when query string parameters are delimited by semicolons ; rather than ampersands &. The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, ...

7.5CVSS6.9AI score0.00535EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/11/11 3:5 p.m.6 views

rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters

An unsafe default behavior in Rack::QueryParser allows bypass of the paramslimit parameter count restriction when query string parameters are delimited by semicolons ; rather than ampersands &. The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, ...

7.5CVSS6.9AI score0.00535EPSS
Exploits0References6
Veracode
Veracode
added 2025/11/10 6:49 a.m.10 views

Parameter-parsing Bypass

Rack is vulnerable to a parameter-parsing Bypass. The vulnerability is due to Rack::QueryParser enforcing its paramslimit only for parameters separated by & while still splitting on both & and ;, which allows an attacker to bypass the parameter count limit by using ; separators to submit excessiv...

7.5CVSS6.4AI score0.00535EPSS
Exploits0References4Affected Software2
RedHat Linux
RedHat Linux
added 2025/11/05 1:11 p.m.8 views

rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters

An unsafe default behavior in Rack::QueryParser allows bypass of the paramslimit parameter count restriction when query string parameters are delimited by semicolons ; rather than ampersands &. The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, ...

7.5CVSS6.9AI score0.00535EPSS
Exploits0References6
Ubuntu
Ubuntu
added 2025/09/29 3:9 p.m.3 views

USN-7784-1: Rack vulnerability

It was discovered that Rack incorrectly handled limiting the amount of parameters. An attacker could possibly use this issue to bypass the paramslimit value, leading to a denial of service...

7.5CVSS7.1AI score0.00535EPSS
Exploits0
OSV
OSV
added 2025/09/29 3:9 p.m.3 views

USN-7784-1 ruby-rack vulnerability

It was discovered that Rack incorrectly handled limiting the amount of parameters. An attacker could possibly use this issue to bypass the paramslimit value, leading to a denial of service...

7.5CVSS6.7AI score0.00535EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/25 2:37 p.m.12 views

CVE-2025-59830 Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...

7.5CVSS0.00535EPSS
Exploits0References2
Rows per page
Query Builder