It was discovered that Rack incorrectly handled certain query parameters. An attacker could possibly use this issue to cause a limited denial of service. This issue was only addressed in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2025-59830) It was discovered that Rack did not properly handle certain multipart form data. An attacker could possibly use this issue to cause memory exhaustion, leading to a denial of service. This issue was only addressed in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-61770, CVE-2025-61772) It was discovered that Rack did not properly handle certain form fields. An attacker could possibly use this issue to cause memory exhaustion, leading to a denial of service. This issue was only addressed in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-61771) It was discovered that Rack did not properly handle certain headers. An attacker could possibly use this issue to bypass proxy access restrictions and obtain sensitive information. (CVE-2025-61780) Tomoya Yamashita discovered that Rack did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause memory exhaustion, leading to a denial of service. This issue was only addressed in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-61919)
Continue reading...
Continue reading...
