Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/pcs@0.11.1-10.el9_0?arch=8
Type rpm
Namespace redhat
Name pcs
Version 0.11.1-10.el9_0
Qualifiers
arch 8
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-47ja-djzb-2bbw
vulnerability_id VCID-47ja-djzb-2bbw
summary
Rack has an Unbounded-Parameter DoS in Rack::QueryParser
## Summary

`Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters.

## Details

The vulnerability arises because `Rack::QueryParser` iterates over each `&`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing.

## Impact

An attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted.

## Mitigation

- Update to a version of Rack that limits the number of parameters parsed, or
- Use middleware to enforce a maximum query string size or parameter count, or
- Employ a reverse proxy (such as Nginx) to limit request sizes and reject oversized query strings or bodies.

Limiting request body sizes and query string lengths at the web server or CDN level is an effective mitigation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46727
reference_id
reference_type
scores
0
value 0.00808
scoring_system epss
scoring_elements 0.74239
published_at 2026-04-16T12:55:00Z
1
value 0.00808
scoring_system epss
scoring_elements 0.74202
published_at 2026-04-13T12:55:00Z
2
value 0.00808
scoring_system epss
scoring_elements 0.74209
published_at 2026-04-12T12:55:00Z
3
value 0.00808
scoring_system epss
scoring_elements 0.74227
published_at 2026-04-11T12:55:00Z
4
value 0.00808
scoring_system epss
scoring_elements 0.74205
published_at 2026-04-09T12:55:00Z
5
value 0.00808
scoring_system epss
scoring_elements 0.7419
published_at 2026-04-08T12:55:00Z
6
value 0.00808
scoring_system epss
scoring_elements 0.74157
published_at 2026-04-07T12:55:00Z
7
value 0.00808
scoring_system epss
scoring_elements 0.74185
published_at 2026-04-04T12:55:00Z
8
value 0.00808
scoring_system epss
scoring_elements 0.74158
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46727
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712
6
reference_url https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3
7
reference_url https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46727
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46727
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927
reference_id 1104927
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2364966
reference_id 2364966
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2364966
13
reference_url https://github.com/advisories/GHSA-gjh7-p2fx-99vx
reference_id GHSA-gjh7-p2fx-99vx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gjh7-p2fx-99vx
14
reference_url https://access.redhat.com/errata/RHSA-2025:7604
reference_id RHSA-2025:7604
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7604
15
reference_url https://access.redhat.com/errata/RHSA-2025:7605
reference_id RHSA-2025:7605
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7605
16
reference_url https://access.redhat.com/errata/RHSA-2025:8254
reference_id RHSA-2025:8254
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8254
17
reference_url https://access.redhat.com/errata/RHSA-2025:8256
reference_id RHSA-2025:8256
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8256
18
reference_url https://access.redhat.com/errata/RHSA-2025:8279
reference_id RHSA-2025:8279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8279
19
reference_url https://access.redhat.com/errata/RHSA-2025:8288
reference_id RHSA-2025:8288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8288
20
reference_url https://access.redhat.com/errata/RHSA-2025:8289
reference_id RHSA-2025:8289
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8289
21
reference_url https://access.redhat.com/errata/RHSA-2025:8290
reference_id RHSA-2025:8290
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8290
22
reference_url https://access.redhat.com/errata/RHSA-2025:8291
reference_id RHSA-2025:8291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8291
23
reference_url https://access.redhat.com/errata/RHSA-2025:8319
reference_id RHSA-2025:8319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8319
24
reference_url https://access.redhat.com/errata/RHSA-2025:8322
reference_id RHSA-2025:8322
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8322
25
reference_url https://access.redhat.com/errata/RHSA-2025:8323
reference_id RHSA-2025:8323
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8323
26
reference_url https://access.redhat.com/errata/RHSA-2025:9838
reference_id RHSA-2025:9838
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9838
27
reference_url https://usn.ubuntu.com/7507-1/
reference_id USN-7507-1
reference_type
scores
url https://usn.ubuntu.com/7507-1/
fixed_packages
aliases CVE-2025-46727, GHSA-gjh7-p2fx-99vx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-47ja-djzb-2bbw
1
url VCID-62bx-a5uf-j3b4
vulnerability_id VCID-62bx-a5uf-j3b4
summary
Tornado vulnerable to excessive logging caused by malformed multipart form data
### Summary

When Tornado's `multipart/form-data` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.

### Affected versions

All versions of Tornado prior to 6.5 are affected. The vulnerable parser is enabled by default.

### Solution

Upgrade to Tornado version 6.5. In the meantime, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47287.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47287.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47287
reference_id
reference_type
scores
0
value 0.01164
scoring_system epss
scoring_elements 0.78643
published_at 2026-04-16T12:55:00Z
1
value 0.01164
scoring_system epss
scoring_elements 0.78571
published_at 2026-04-02T12:55:00Z
2
value 0.01164
scoring_system epss
scoring_elements 0.78603
published_at 2026-04-04T12:55:00Z
3
value 0.01164
scoring_system epss
scoring_elements 0.78584
published_at 2026-04-07T12:55:00Z
4
value 0.01164
scoring_system epss
scoring_elements 0.78609
published_at 2026-04-08T12:55:00Z
5
value 0.01164
scoring_system epss
scoring_elements 0.78616
published_at 2026-04-09T12:55:00Z
6
value 0.01164
scoring_system epss
scoring_elements 0.7864
published_at 2026-04-11T12:55:00Z
7
value 0.01164
scoring_system epss
scoring_elements 0.78622
published_at 2026-04-12T12:55:00Z
8
value 0.01164
scoring_system epss
scoring_elements 0.78614
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47287
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47287
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47287
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/tornadoweb/tornado
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tornadoweb/tornado
5
reference_url https://github.com/tornadoweb/tornado/commit/b39b892bf78fe8fea01dd45199aa88307e7162f3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-16T13:36:22Z/
url https://github.com/tornadoweb/tornado/commit/b39b892bf78fe8fea01dd45199aa88307e7162f3
6
reference_url https://github.com/tornadoweb/tornado/security/advisories/GHSA-7cx3-6m66-7c5m
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-16T13:36:22Z/
url https://github.com/tornadoweb/tornado/security/advisories/GHSA-7cx3-6m66-7c5m
7
reference_url https://lists.debian.org/debian-lts-announce/2025/05/msg00038.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/05/msg00038.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-47287
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-47287
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105886
reference_id 1105886
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105886
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2366703
reference_id 2366703
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2366703
11
reference_url https://github.com/advisories/GHSA-7cx3-6m66-7c5m
reference_id GHSA-7cx3-6m66-7c5m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cx3-6m66-7c5m
12
reference_url https://access.redhat.com/errata/RHSA-2025:8135
reference_id RHSA-2025:8135
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8135
13
reference_url https://access.redhat.com/errata/RHSA-2025:8136
reference_id RHSA-2025:8136
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8136
14
reference_url https://access.redhat.com/errata/RHSA-2025:8223
reference_id RHSA-2025:8223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8223
15
reference_url https://access.redhat.com/errata/RHSA-2025:8226
reference_id RHSA-2025:8226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8226
16
reference_url https://access.redhat.com/errata/RHSA-2025:8254
reference_id RHSA-2025:8254
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8254
17
reference_url https://access.redhat.com/errata/RHSA-2025:8279
reference_id RHSA-2025:8279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8279
18
reference_url https://access.redhat.com/errata/RHSA-2025:8290
reference_id RHSA-2025:8290
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8290
19
reference_url https://access.redhat.com/errata/RHSA-2025:8291
reference_id RHSA-2025:8291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8291
20
reference_url https://access.redhat.com/errata/RHSA-2025:8323
reference_id RHSA-2025:8323
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8323
21
reference_url https://access.redhat.com/errata/RHSA-2025:8664
reference_id RHSA-2025:8664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8664
22
reference_url https://usn.ubuntu.com/7547-1/
reference_id USN-7547-1
reference_type
scores
url https://usn.ubuntu.com/7547-1/
fixed_packages
aliases CVE-2025-47287, GHSA-7cx3-6m66-7c5m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-62bx-a5uf-j3b4
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/pcs@0.11.1-10.el9_0%3Farch=8