Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/rack@3.2.2
Typegem
Namespace
Namerack
Version3.2.2
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.2.3
Latest_non_vulnerable_version3.2.5
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-dss4-6ptr-83av
vulnerability_id VCID-dss4-6ptr-83av
summary 
Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
`Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS).
references
0
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
url https://github.com/rack/rack
1
reference_url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
reference_id
reference_type
scores
url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
2
reference_url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
reference_id
reference_type
scores
url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
3
reference_url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
reference_id
reference_type
scores
url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61771
reference_id CVE-2025-61771
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-61771
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml
reference_id CVE-2025-61771.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml
6
reference_url https://github.com/advisories/GHSA-w9pc-fmgc-vxvw
reference_id GHSA-w9pc-fmgc-vxvw
reference_type
scores
url https://github.com/advisories/GHSA-w9pc-fmgc-vxvw
7
reference_url https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
reference_id GHSA-w9pc-fmgc-vxvw
reference_type
scores
url https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
fixed_packages
0
url pkg:gem/rack@2.2.19
purl pkg:gem/rack@2.2.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19
1
url pkg:gem/rack@3.1.17
purl pkg:gem/rack@3.1.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17
2
url pkg:gem/rack@3.2.2
purl pkg:gem/rack@3.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2
aliases CVE-2025-61771, GHSA-w9pc-fmgc-vxvw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dss4-6ptr-83av
1
url VCID-k8fr-zuyx-yyhg
vulnerability_id VCID-k8fr-zuyx-yyhg
summary 
Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
`Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS).
references
0
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
url https://github.com/rack/rack
1
reference_url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
reference_id
reference_type
scores
url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
2
reference_url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
reference_id
reference_type
scores
url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
3
reference_url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
reference_id
reference_type
scores
url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61772
reference_id CVE-2025-61772
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-61772
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml
reference_id CVE-2025-61772.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml
6
reference_url https://github.com/advisories/GHSA-wpv5-97wm-hp9c
reference_id GHSA-wpv5-97wm-hp9c
reference_type
scores
url https://github.com/advisories/GHSA-wpv5-97wm-hp9c
7
reference_url https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
reference_id GHSA-wpv5-97wm-hp9c
reference_type
scores
url https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
fixed_packages
0
url pkg:gem/rack@2.2.19
purl pkg:gem/rack@2.2.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19
1
url pkg:gem/rack@3.1.17
purl pkg:gem/rack@3.1.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17
2
url pkg:gem/rack@3.2.2
purl pkg:gem/rack@3.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2
aliases CVE-2025-61772, GHSA-wpv5-97wm-hp9c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8fr-zuyx-yyhg
2
url VCID-xpa3-1n87-8ucv
vulnerability_id VCID-xpa3-1n87-8ucv
summary 
Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
`Rack::Multipart::Parser` buffers the entire multipart **preamble** (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions.
references
0
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
url https://github.com/rack/rack
1
reference_url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
reference_id
reference_type
scores
url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
2
reference_url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
reference_id
reference_type
scores
url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
3
reference_url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
reference_id
reference_type
scores
url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61770
reference_id CVE-2025-61770
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-61770
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml
reference_id CVE-2025-61770.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml
6
reference_url https://github.com/advisories/GHSA-p543-xpfm-54cp
reference_id GHSA-p543-xpfm-54cp
reference_type
scores
url https://github.com/advisories/GHSA-p543-xpfm-54cp
7
reference_url https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
reference_id GHSA-p543-xpfm-54cp
reference_type
scores
url https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
fixed_packages
0
url pkg:gem/rack@2.2.19
purl pkg:gem/rack@2.2.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19
1
url pkg:gem/rack@3.1.17
purl pkg:gem/rack@3.1.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17
2
url pkg:gem/rack@3.2.2
purl pkg:gem/rack@3.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2
aliases CVE-2025-61770, GHSA-p543-xpfm-54cp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xpa3-1n87-8ucv
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2