PT-2025-23867 · Rack · Rack

Tenderlove · Published 2025-06-04 · Updated 2025-12-29 · CVE-2025-49007

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Rack versions 3.1.0 through 3.1.15

Description: The issue is a denial-of-service vulnerability in the Content-Disposition parsing component of Rack. It can be triggered by carefully crafted input that causes parsing of the Content-Disposition header to take an unexpected amount of time, which may result in a denial of service. This vulnerability affects applications that parse multipart posts using Rack, including virtually all Rails applications.

Recommendations: For Rack versions 3.1.0 through 3.1.15, update to version 3.1.16, which contains a patch for the vulnerability.
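A quick way to check whether a project's locked Rack version falls inside the affected range stated above (3.1.0 through 3.1.15, fixed in 3.1.16). This is an added example, not code from Rack or from this advisory; the Gemfile.lock excerpt is constructed for the demonstration, and the helper names (rack_affected?, locked_rack_version, advise) are this example's own.

```ruby
# Added example: compares a Rack version against the affected range from
# this advisory. Not Rack's own code; helper names are assumptions.
require "rubygems"

# Affected range taken from the advisory text: 3.1.0 through 3.1.15.
AFFECTED = Gem::Requirement.new(">= 3.1.0", "<= 3.1.15")
FIXED_VERSION = Gem::Version.new("3.1.16")

# Returns true when the given version string is inside the affected range.
def rack_affected?(version)
  AFFECTED.satisfied_by?(Gem::Version.new(version))
end

# Extracts the locked rack version from Gemfile.lock text, or nil if absent.
# Only the spec line ("    rack (3.1.12)") matches; dependency lines such as
# "rack (>= 3.0.0)" contain an operator and are skipped.
def locked_rack_version(lockfile_text)
  lockfile_text.each_line do |line|
    if (m = line.match(/\A\s+rack \((\d+(?:\.\d+)*)\)\s*\z/))
      return m[1]
    end
  end
  nil
end

# Produces the advice a practitioner would act on for the given version.
def advise(version)
  return "rack not found in lockfile" if version.nil?

  if rack_affected?(version)
    "rack #{version} is affected by CVE-2025-49007; upgrade to #{FIXED_VERSION}"
  else
    "rack #{version} is not in the affected range 3.1.0..3.1.15"
  end
end

# Constructed Gemfile.lock excerpt for demonstration only (not a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (3.1.12)
      rack-session (2.1.0)
        rack (>= 3.0.0)
      rack-test (2.2.0)
        rack (>= 1.3)
LOCK

if __FILE__ == $0
  puts advise(locked_rack_version(SAMPLE_LOCK))
end
```

Run it against a real Gemfile.lock by replacing SAMPLE_LOCK with File.read("Gemfile.lock"); a locked version of 3.1.16 or later, or any version outside the 3.1.x range listed by the advisory, is reported as not affected.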

Exploit

Fix

DoS

Allocation of Resources Without Limits


Weakness Enumeration

Related identifiers

BDU:2025-12287
CVE-2025-49007
ECHO-192D-891B-072B
GHSA-47M2-26RW-J2JW
MGASA-2025-0334

Affected products

Rack