SCA: security update for rack (GHSA-gjh7-p2fx-99vx)

high Tenable Self-Hosted Container Security Plugin ID 434732

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14,
`Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data
structures without imposing any limit on the number of parameters, allowing attackers to send requests
with extremely large numbers of parameters. The vulnerability arises because `Rack::QueryParser` iterates
over each `&`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total
number of parameters. This allows an attacker to send a single request containing hundreds of thousands
(or more) of parameters, which consumes excessive memory and CPU during parsing. An attacker can trigger
denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin
CPU resources, stalling or crashing the Rack server. This results in full service disruption until the
affected worker is restarted. Versions 2.2.14, 3.0.16, and 3.1.14 fix the issue. Some other mitigations
are available. One may use middleware to enforce a maximum query string size or parameter count, or employ
a reverse proxy (such as Nginx) to limit request sizes and reject oversized query strings or bodies.
Limiting request body sizes and query string lengths at the web server or CDN level is an effective
mitigation. (CVE-2025-46727)

See Also

https://github.com/advisories/GHSA-gjh7-p2fx-99vx

Plugin Details

Severity: High

ID: 434732

Version: Revision 1.3

Type: Local

Family: SCA Checks

Published: 8/19/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.67

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2025-46727

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 5/8/2025

Vulnerability Publication Date: 5/7/2025

Reference Information

CVE: CVE-2025-46727

IAVB: 2025-B-0073-S

cwe: CWE-400