3 matches found
rubygem-rack: crafted requests can cause shell escape sequences
A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's Lint middleware and CommonLogger middleware. This issue can leverage these escape sequences to execute commands in the victim's...
Scientific Linux Security Update : pcs on SL7.x x86_64 (20151119)
A flaw was found in a way Rack processed parameters of incoming requests. An attacker could use this flaw to send a crafted request that would cause an application using Rack to crash. CVE-2015-3225 The pcs package has been upgraded to upstream version 0.9.143, which provides a number of bug fixe...
UBUNTU-CVE-2015-3225
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth...