Lucene search
K

48 matches found

OSV
OSV
added 2025/10/07 5:27 p.m.10 views

GHSA-W9PC-FMGC-VXVW Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Summary Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or more can consume equivalent process memory, potentially leading to out-of-memory OOM...

7.5CVSS6.8AI score0.00528EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/10/07 5:27 p.m.9 views

Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Summary Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or more can consume equivalent process memory, potentially leading to out-of-memory OOM...

7.5CVSS6.9AI score0.00528EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2025/10/07 3:16 p.m.4 views

CVE-2025-61771

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

7.5CVSS0.00528EPSS
Exploits0References4
OSV
OSV
added 2025/10/07 3:16 p.m.2 views

DEBIAN-CVE-2025-61771

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

7.5CVSS5.8AI score0.00528EPSS
Exploits0References1
OSV
OSV
added 2025/10/07 3:16 p.m.4 views

UBUNTU-CVE-2025-61771

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

7.5CVSS6.7AI score0.00528EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 2:42 p.m.3 views

EUVD-2025-32851

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

7.5CVSS6.2AI score0.00528EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2025/10/07 2:42 p.m.7 views

CVE-2025-61771

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

7.5CVSS5.8AI score0.00528EPSS
Exploits0
Cvelist
Cvelist
added 2025/10/07 2:42 p.m.9 views

CVE-2025-61771 Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

7.5CVSS0.00528EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/07 2:42 p.m.5 views

CVE-2025-61771 Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

7.5CVSS6.3AI score0.00528EPSS
Exploits0References4
CVE
CVE
added 2025/10/07 2:42 p.m.26 views

CVE-2025-61771

CVE-2025-61771 affects Rack, a Ruby web server interface. The issue: Rack::Multipart::Parser buffers non-file form fields (parts without a filename) entirely in memory, allowing a single large text field in multipart/form-data to exhaust memory and cause DoS. Vulnerable versions are prior to 2.2....

7.5CVSS6.3AI score0.00528EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/10/07 2:42 p.m.4 views

CVE-2025-61771 Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

7.5CVSS6.3AI score0.00528EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2012-3981

Malware in sbrugna...

2.6CVSS6.1AI score0.01449EPSS
Exploits2References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-4784

Malware in sbrugna...

6.8CVSS6.4AI score0.03885EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2025/01/15 12:0 a.m.10 views

The vulnerability of the “Allow All File Extensions” module in Drupal CMS systems stems from insufficient validation of input data, allowing attackers to execute arbitrary code.

The vulnerability of the “Allow All File Extensions” module for file fields in Drupal CMS systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

5.5CVSS5.9AI score0.00339EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.3 views

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Allow All File Extensions for file fields, which stems from the presence of an issue...

7.3CVSS6.8AI score0.00339EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/12/11 4:20 p.m.11 views

php: Erroneous parsing of multipart form data

A flaw was found in PHP's parsing of multipart form data contents, which affects both file and input form data. This may lead to legitimate data not being processed, violating data integrity. For example, if a multipart form data payload contains a valid prefix 'X' of the defined boundary B such...

5.3CVSS5.7AI score0.00947EPSS
Exploits1References6
Patchstack
Patchstack
added 2024/12/11 12:0 a.m.4 views

Drupal Allow All File Extensions for file fields module * - Authenticated Other Vulnerability Type vulnerability

Authenticated Other Vulnerability Type vulnerability discovered by Drupal Security Site in WordPress Module Allow All File Extensions for file fields versions...

7.3CVSS6.8AI score0.00339EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/11 12:0 a.m.3 views

PT-2024-10095 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal affected versions not specified Description: The issue is related to the Allow All File Extensions for file fields feature in Drupal, which affects the handling of file uploads. This vulnerability is associated with insufficient input...

7.3CVSS7.6AI score0.00339EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/11/05 12:0 a.m.6 views

Fedora 40 : python-quart (2024-51bff89a25)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-51bff89a25 advisory. Security fix for GHSA-q34m-jh98-gwm2. 0.19.8 2024-10-25 - Bugfix: Fix missing check that caused the previous fix to raise an error. 0.19.7 2024-10-25 -...

5.6AI score
Exploits0References1
Snyk
Snyk
added 2024/10/25 8:41 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in formparser.MultiPartParser. An attacker can cause the parser to consume more memory than the upload size, in excess of maxformmemorysize, by sending malicious data in a non-file...

7.5CVSS7.1AI score0.01102EPSS
Exploits0References2
Rows per page
Query Builder