RubySec

Providing security resources for the Ruby community

CVE-2015-3225 (rack): Potential Denial of Service Vulnerability in Rack

GEM

rack

PATCHED VERSIONS

  • >= 1.6.2
  • ~> 1.5.4
  • ~> 1.4.6

DESCRIPTION

Carefully crafted requests can raise a SystemStackError and potentially cause a denial of service.

All users running an affected release should upgrade.
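
To check whether a project is on a patched release, the following added example (not part of the advisory or of rack itself) reads the resolved rack version from Gemfile.lock text and tests it against the patched ranges listed above. The helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems"

# Patched ranges exactly as listed in this advisory.
# "~> 1.5.4" means >= 1.5.4 and < 1.6, so 1.6.0 and 1.6.1 match none of them.
PATCHED_RANGES = [">= 1.6.2", "~> 1.5.4", "~> 1.4.6"].map do |range|
  Gem::Requirement.new(range)
end

# True when the given rack version falls inside any patched range.
def rack_patched?(version)
  v = Gem::Version.new(version)
  PATCHED_RANGES.any? { |req| req.satisfied_by?(v) }
end

# Resolved gems sit under "specs:" indented by exactly four spaces,
# e.g. "    rack (1.6.0)". Deeper-indented lines are dependency
# constraints of other gems and are skipped, as is "rack-test".
def locked_rack_version(lockfile_text)
  match = lockfile_text.match(/^ {4}rack \(([^)]+)\)$/)
  match && match[1]
end

# Returns :not_present, :patched or :unpatched for a Gemfile.lock body.
def audit_lockfile(lockfile_text)
  version = locked_rack_version(lockfile_text)
  return :not_present if version.nil?

  rack_patched?(version) ? :patched : :unpatched
end

# Constructed sample lockfile, not taken from a real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.6.0)
      rack-test (0.6.3)
        rack (>= 1.0)
LOCK

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  puts "rack #{locked_rack_version(text) || '(none)'}: #{audit_lockfile(text)}"
end
```

Run it with the path to a Gemfile.lock as the only argument; without one it audits the constructed sample.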