Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005328)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005328 advisory. Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its paramslimit only for parameters separated by &, while still...

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforced its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...

rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters

An unsafe default behavior in Rack::QueryParser allows bypass of the paramslimit parameter count restriction when query string parameters are delimited by semicolons ; rather than ampersands &. The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, ...

rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters

An unsafe default behavior in Rack::QueryParser allows bypass of the paramslimit parameter count restriction when query string parameters are delimited by semicolons ; rather than ampersands &. The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, ...

rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters

An unsafe default behavior in Rack::QueryParser allows bypass of the paramslimit parameter count restriction when query string parameters are delimited by semicolons ; rather than ampersands &. The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, ...

rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters

An unsafe default behavior in Rack::QueryParser allows bypass of the paramslimit parameter count restriction when query string parameters are delimited by semicolons ; rather than ampersands &. The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, ...

CVE-2025-59830

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...

CVE-2025-59830

Rack (Ruby web server interface) prior to version 2.2.18 is vulnerable in Rack::QueryParser where param counting is enforced only for parameters separated by & but parsing also splits on ;. This allows semicolon-separated parameters to bypass the params_limit and can lead to increased CPU/memory ...

PT-2025-39397

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.18 Description Rack’s QueryParser component incorrectly counts parameters when using both '&' and ';' separators. The params limit is only enforced for parameters separated by '&', allowing attackers to bypass the...