Denial of Service Vulnerability in Ruby Rack Web Server Interface
CVE-2025-49007
6.6 MEDIUM
What is CVE-2025-49007?
A vulnerability in the Content-Disposition parsing component of Rack, a popular modular Ruby web server interface, lets an attacker submit crafted input that takes a prolonged time to parse, which can create denial of service conditions for applications relying on Rack. The vulnerability affects all applications that process multipart posts, which encompasses nearly all Ruby on Rails applications, when they run on Rack versions prior to 3.1.16. Users are advised to update to Rack 3.1.16, which includes the necessary security patches.
Affected Version(s)
rack >= 3.1.0, < 3.1.16
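One way to check a project against the affected range listed above is to read the resolved Rack version out of its Gemfile.lock. This is an added example, not code from the advisory or from the Rack project; the helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems"

# Affected range as listed on this page: rack >= 3.1.0, < 3.1.16
AFFECTED = Gem::Requirement.new(">= 3.1.0", "< 3.1.16")

# Returns the resolved rack version from Gemfile.lock text, or nil.
# Resolved specs sit at four spaces of indentation; six-space lines are
# another gem's dependency constraints (e.g. "rack (>= 2.2.4)") and are skipped.
def locked_rack_version(lockfile_text)
  in_specs = false
  lockfile_text.each_line do |raw|
    line = raw.chomp
    in_specs = false if line =~ /\A\S/          # a new top-level section starts
    in_specs = true  if line =~ /\A {2}specs:\z/
    next unless in_specs
    m = line.match(/\A {4}rack \(([^)]+)\)\z/)
    return Gem::Version.new(m[1]) if m
  end
  nil
end

# Classifies a lockfile against the range above. :not_in_affected_range only
# means "outside the range this page lists", not a general statement of safety.
def rack_status(lockfile_text)
  version = locked_rack_version(lockfile_text)
  return :rack_not_locked if version.nil?
  AFFECTED.satisfied_by?(version) ? :affected : :not_in_affected_range
end

# Constructed sample lockfile (not taken from a real project).
def sample_lockfile(rack_version)
  <<~LOCK
    GEM
      remote: https://rubygems.org/
      specs:
        actionpack (7.1.3)
          rack (>= 2.2.4)
        rack (#{rack_version})

    DEPENDENCIES
      actionpack
  LOCK
end

if __FILE__ == $PROGRAM_NAME
  %w[3.1.15 3.1.16 2.2.13].each do |v|
    puts "rack #{v}: #{rack_status(sample_lockfile(v))}"
  end
end
```

To check a real project, pass `File.read("Gemfile.lock")` to `rack_status`.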