Tomek Rabczak

**Name of the Vulnerable Software and Affected Versions** Rack versions prior to 1.5.4 Rack versions 1.6.x prior to 1.6.2 **Description** The issue allows remote attackers to cause a denial of service, resulting in a SystemStackError, via a request with a large parameter depth. This affects products that use Rack, including Ruby on Rails 3.x and 4.x. **Recommendations** For Rack version prior to 1.5.4, update to version 1.5.4 or later. For Rack version 1.6.x prior to 1.6.2, update to version 1.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** Ruby on Rails versions prior to 4.1.11 Ruby on Rails versions 4.2.x prior to 4.2.2 **Description** The issue allows remote attackers to cause a denial of service (SystemStackError) via a large XML document depth when JDOM or REXML is enabled in the `jdom.rb` and `rexml.rb` components in Active Support. **Recommendations** For Ruby on Rails versions prior to 4.1.11, update to version 4.1.11 or later. For Ruby on Rails versions 4.2.x prior to 4.2.2, update to version 4.2.2 or later. As a temporary workaround, consider disabling the JDOM or REXML components until a patch is available.