2 matches found
The vulnerability in the Rack::Request#POST class of the modular interface between web servers and Rack web applications allows a attacker to cause a service failure.
The vulnerability in the Rack::RequestPOST class of the modular interface between web servers and Rack web applications involves an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...
rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion
A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...