Kwkr

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack::Utils.select best encoding processes `Accept-Encoding` values with quadratic time complexity when the header contains many wildcard (*) entries. Because this method is used by `Rack::Deflater` to choose a response encoding, an unauthenticated attacker can send a single request with a crafted `Accept-Encoding` header and cause disproportionate CPU consumption on the compression middleware path. This results in a denial of service condition for applications using `Rack::Deflater`. The attack does not require invalid HTTP syntax or large payload bodies. A single header-sized request is sufficient to reach the vulnerable code path. Recommendations Update to Rack version 2.2.23, 3.1.21, or 3.2.6.

**Name of the Vulnerable Software and Affected Versions** API users (affected versions not specified) **Description** The API allows code execution within the context of the api-server through the `/api/v2/dagReports` endpoint. This occurs when the api-server is deployed in an environment where Dag files are accessible. The vulnerability involves the execution of Dag code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rack versions prior to 2.2.19 Rack versions prior to 3.1.17 Rack versions prior to 3.2.2 **Description** Rack is a modular Ruby web server interface. The `Rack::Multipart::Parser` component does not limit the size of the multipart preamble, potentially leading to excessive memory consumption and process termination due to out-of-memory conditions. An attacker can send a large preamble within a multipart/form-data request to trigger this issue. The impact is related to request sizes and concurrency, potentially causing worker crashes or slowdowns due to garbage collection. **Recommendations** Update to Rack version 2.2.19 or later. Update to Rack version 3.1.17 or later. Update to Rack version 3.2.2 or later. As a workaround, limit the total request body size at the proxy or web server level. As a workaround, monitor memory usage and set per-process limits to prevent out-of-memory conditions.

**Name of the Vulnerable Software and Affected Versions** Rack versions prior to 2.2.19 Rack versions prior to 3.1.17 Rack versions prior to 3.2.2 **Description** Rack is a modular Ruby web server interface. The `Rack::Multipart::Parser` component stores non-file form fields in memory as Ruby `String` objects. A large text field within a multipart/form-data request can consume significant process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS). Attackers can exploit this by sending requests with large non-file fields, causing excessive memory usage and potentially crashing workers or increasing garbage-collection overhead. All Rack applications processing multipart form submissions are potentially affected. **Recommendations** Update to Rack version 2.2.19 or later. Update to Rack version 3.1.17 or later. Update to Rack version 3.2.2 or later. Restrict maximum request body size at the web-server or proxy layer. Validate and reject unusually large form fields at the application level.

**Name of the Vulnerable Software and Affected Versions** Rack versions prior to 2.2.19 Rack versions prior to 3.1.17 Rack versions prior to 3.2.2 **Description** Rack is a modular Ruby web server interface. The `Rack::Multipart::Parser` component can accumulate unbounded data when processing multipart requests with incomplete header blocks that lack the required blank line. This allows a remote attacker to exhaust memory, potentially leading to a denial of service (DoS). Attackers can send incomplete multipart headers to trigger high memory usage, resulting in process termination or significant performance degradation. The impact is proportional to request size limits and concurrency. Applications handling multipart uploads may be affected. The parser keeps appending incoming bytes to memory without a size cap. **Recommendations** Update to Rack version 2.2.19 or later. Update to Rack version 3.1.17 or later. Update to Rack version 3.2.2 or later. As a workaround, restrict maximum request sizes at the proxy or web server layer.

Name of the Vulnerable Software and Affected Versions: rack versions prior to 2.2.18 Description: A flaw exists in `Rack::QueryParser` where the `params limit` is not correctly enforced when parameters are separated by semicolons (;) instead of ampersands (&). The parser counts only ampersands when enforcing the limit, while splitting on both. This allows attackers to bypass the parameter count limit and potentially cause a denial-of-service condition due to increased CPU and memory consumption. Recommendations: Upgrade to version 2.2.18 or later to address this issue. If upgrading is not immediately possible, configure `QueryParser` with an explicit delimiter (e.g., &) to avoid the mismatch.