{"id":"CVE-2015-3225","details":"lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.","aliases":["GHSA-rgr4-9jh5-j4j6"],"modified":"2026-03-23T05:01:45.115694458Z","published":"2015-07-26T22:59:04Z","related":["MGASA-2015-0346","SUSE-SU-2015:1522-1","SUSE-SU-2015:1888-1","SUSE-SU-2015:2190-1","SUSE-SU-2015:2274-1","openSUSE-SU-2024:10406-1","openSUSE-SU-2024:11344-1","openSUSE-SU-2024:11345-1","openSUSE-SU-2024:11346-1","openSUSE-SU-2024:12119-1","openSUSE-SU-2024:12397-1","openSUSE-SU-2024:12974-1","openSUSE-SU-2024:13167-1","openSUSE-SU-2024:13726-1","openSUSE-SU-2024:13727-1","openSUSE-SU-2025:14811-1","openSUSE-SU-2025:14875-1","openSUSE-SU-2026:10286-1","openSUSE-SU-2026:10358-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html"},{"type":"ADVISORY","url":"http://openwall.com/lists/oss-security/2015/06/16/14"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2015-2290.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2015/dsa-3322"},{"type":"ADVISORY","url":"https://github.com/rack/rack/blob/master/HISTORY.md"},{"type":"ADVISORY","url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/gcUbICUmKMc/qiCotVZwXrMJ"},{"type":"ARTICLE","url":"http://openwall.com/lists/oss-security/2015/06/16/14"},{"type":"ARTICLE","url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/gcUbICUmKMc/qiCotVZwXrMJ"},{"type":"FIX","url":"https://github.com/rack/rack/blob/master/HISTORY.md"},{"type":"REPORT","url":"https://github.com/rack/rack/blob/master/HISTORY.md"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/75232"}],"schema_version":"1.7.5"}