rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters
An unsafe default behavior in Rack::QueryParser allows bypass of the params_limit parameter count restriction when query string parameters are delimited by semicolons (;) rather than ampersands (&). The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, ...
Ubuntu 24.04 LTS / 25.04 : Rack vulnerability (USN-7784-1)
The remote Ubuntu 24.04 LTS / 25.04 host has a package installed that is affected by a vulnerability as referenced in the USN-7784-1 advisory. It was discovered that Rack incorrectly handled limiting the amount of parameters. An attacker could possibly use this issue to bypass the params_limit...
GHSA-625H-95R8-8XPM Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters
Summary: Rack::QueryParser in version 2.2.18 enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Details: The issue arises...