lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| rack (RubyGems) | 1.5.0 | 1.5.4 | N/A |
| rack (RubyGems) | 1.6.0 | 1.6.2 | N/A |
| rack (RubyGems) | 1.4.0 | 1.4.6 | N/A |
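
The following is an added example, not code from Rack or from this advisory: a Rack-style middleware that refuses requests whose urlencoded parameter keys nest deeper than a limit, so they are turned away before the framework's parameter parser runs. The class name `ParamDepthGuard` and the limit of 32 are assumptions, and it presumes request body size is already capped upstream.

```ruby
require "uri"

# Added example: the class name and limit are assumptions, not Rack's API.
class ParamDepthGuard
  DEFAULT_LIMIT = 32 # constructed value; set it to the deepest form the app really uses

  def initialize(app, limit: DEFAULT_LIMIT)
    @app = app
    @limit = limit
  end

  # Conservative estimate: every "[" in a key opens one nesting level.
  # Counting is iterative, so the guard itself cannot exhaust the stack.
  def self.depth(key)
    key.count("[") + 1
  end

  # Deepest key in a urlencoded string; nil when a key's %-encoding is malformed.
  def self.max_depth(encoded)
    encoded.to_s.split(/[&;]/).map { |pair|
      depth(URI.decode_www_form_component(pair.split("=", 2).first.to_s))
    }.max || 0
  rescue ArgumentError
    nil
  end

  def call(env)
    sources = [env["QUERY_STRING"]]
    input = env["rack.input"]
    if input && env["CONTENT_TYPE"].to_s.start_with?("application/x-www-form-urlencoded")
      sources << input.read
      input.rewind if input.respond_to?(:rewind) # keep the body readable downstream
    end
    depths = sources.map { |s| self.class.max_depth(s) }
    if depths.any? { |d| d.nil? || d > @limit }
      return [400, { "content-type" => "text/plain" }, ["Bad Request\n"]]
    end
    @app.call(env)
  end
end
```

Multipart field names are not inspected by this guard, so it complements rather than replaces moving to a fixed release from the table above.
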
CVSS Metrics