Vulnerability in Rack_project Rack

CVE-2015-3225

lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.

EPSS: 0.078 (93.9th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2015-3225?
CVE-2015-3225 is a vulnerability in Rack_project Rack, classified under CWE-19. Published 2015-07-26.
Is CVE-2015-3225 known to be exploited?
4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.