Skip to content

Rack vulnerable to Denial of Service via large parameter depth request

Moderate severity GitHub Reviewed Published Oct 24, 2017 to the GitHub Advisory Database • Updated Aug 28, 2023

Package

bundler rack (RubyGems)

Affected versions

>= 1.6.0, < 1.6.2
>= 1.5.0, < 1.5.4
>= 1.4.0, < 1.4.6

Patched versions

1.6.2
1.5.4
1.4.6
Published to the GitHub Advisory Database Oct 24, 2017
Reviewed Jun 16, 2020
Last updated Aug 28, 2023

Severity

Moderate

EPSS score

13.945%
(96th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2015-3225

GHSA ID

GHSA-rgr4-9jh5-j4j6

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.