155 matches found
Important: pcs
Issue Overview: Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to se...
rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser
A flaw was found in Rack::QueryParser. This vulnerability allows denial of service via oversized HTTP requests containing many parameters, resulting in memory exhaustion that consumes all available memory or CPU resource pinning, which keeps the CPU constantly busy...
rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser
A flaw was found in Rack::QueryParser. This vulnerability allows denial of service via oversized HTTP requests containing many parameters, resulting in memory exhaustion that consumes all available memory or CPU resource pinning, which keeps the CPU constantly busy...
Important: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser CVE-2025-46727 tornado: Tornado Multipart Form-Data Denial of Service CVE-2025-47287 For more details about the securit...
Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: CVE-2025-46727: possible memory exhaustion due to unbounded parameter parsing in Rack::QueryParser bsc1242894. CVE-2025-32441: deleted sessions can be restored and occupied by unauthenticated users when the Rack::Session::Pool middleware is...
rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser
A flaw was found in Rack::QueryParser. This vulnerability allows denial of service via oversized HTTP requests containing many parameters, resulting in memory exhaustion that consumes all available memory or CPU resource pinning, which keeps the CPU constantly busy...
rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser
A flaw was found in Rack::QueryParser. This vulnerability allows denial of service via oversized HTTP requests containing many parameters, resulting in memory exhaustion that consumes all available memory or CPU resource pinning, which keeps the CPU constantly busy...
SUSE CVE-2025-46727
Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...
CVE-2025-46727 Unbounded-Parameter DoS in Rack::QueryParser
Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...
CVE-2025-46727
CVE-2025-46727 affects Rack, a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without limiting the total number of parameters. The issue arises because R...
CVE-2025-32020
The crud-query-parser library parses query parameters from HTTP requests and converts them to database queries. Improper neutralization of the order/sort parameter in the TypeORM adapter, which allows SQL injection. You are impacted by this vulnerability if you are using the TypeORM adapter,...
CVE-2025-32020
The crud-query-parser library parses query parameters from HTTP requests and converts them to database queries. Improper neutralization of the order/sort parameter in the TypeORM adapter, which allows SQL injection. You are impacted by this vulnerability if you are using the TypeORM adapter,...
CVE-2025-32020 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in crud-query-parser
The crud-query-parser library parses query parameters from HTTP requests and converts them to database queries. Improper neutralization of the order/sort parameter in the TypeORM adapter, which allows SQL injection. You are impacted by this vulnerability if you are using the TypeORM adapter,...
CVE-2025-32020 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in crud-query-parser
The crud-query-parser library parses query parameters from HTTP requests and converts them to database queries. Improper neutralization of the order/sort parameter in the TypeORM adapter, which allows SQL injection. You are impacted by this vulnerability if you are using the TypeORM adapter,...
CVE-2025-32020
CVE-2025-32020 affects the crud-query-parser library. The vulnerability arises from improper neutralization of the order/sort parameter in the TypeORM adapter when ordering is enabled and a property filter is not configured, enabling SQL injection. Impacted environments are those using the TypeOR...
CVE-2025-32020 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in crud-query-parser
The crud-query-parser library parses query parameters from HTTP requests and converts them to database queries. Improper neutralization of the order/sort parameter in the TypeORM adapter, which allows SQL injection. You are impacted by this vulnerability if you are using the TypeORM adapter,...
PT-2025-15445 · Unknown +1 · Crud-Query-Parser +1
Name of the Vulnerable Software and Affected Versions: crud-query-parser versions prior to 0.1.0 Description: The crud-query-parser library is affected by an issue where improper neutralization of the order/sort parameter in the TypeORM adapter allows SQL injection. This issue impacts users who a...
crud-query-parser SQL注入漏洞
crud-query-parser is a tool by Guilherme Chaguri Personal Developer. A SQL injection vulnerability exists in crud-query-parser that stems from not properly neutralizing the order/sort parameter, resulting in SQL injection...
Malicious code in another-query-parser (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-11296 Malicious code in another-query-parser (npm)
--- -= Per source details. Do not edit below this line.=-...