3 matches found
The vulnerability of the QueryParser() function in the Rack module’s interpreter for the Ruby programming language allows a hacker to cause a service failure.
The vulnerability of the QueryParser function in the Rack module’s interpreter for the Ruby programming language is related to resource exhaustion. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Important: pcs
Issue Overview: Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to se...
Remote Code Execution (RCE)
lucene-queryparser is vulnerable to remote code execution. This is possible through the use of an XML external entity expansion XXE attack and the Config API with add-listener command...