The following vulnerability was published for ruby-rack.
CVE-2025-49007[0]:
| Rack is a modular Ruby web server interface. Starting in version
| 3.1.0 and prior to version 3.1.16, there is a denial of service
| vulnerability in the Content-Disposition parsing component of Rack.
| This is very similar to the previous security issue CVE-2022-44571.
| Carefully crafted input can cause Content-Disposition header parsing
| in Rack to take an unexpected amount of time, possibly resulting in
| a denial of service attack vector. This header is typically used
| in multipart parsing. Any applications that parse multipart
| posts using Rack (virtually all Rails applications) are impacted.
| Version 3.1.16 contains a patch for the vulnerability.
If you fix the vulnerability, please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
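The practical check for this report is whether a deployed application is on a Rack version inside the affected range the advisory names (3.1.0 or later, before 3.1.16). The following is an added example, not code from the bug report or from the Rack project: it uses Ruby's standard `Gem::Version` and `Gem::Requirement` to evaluate a version string against that range and pulls the locked `rack` version out of a `Gemfile.lock`. The lockfile fragment is constructed for the example; the helper names are hypothetical.

```ruby
# Added example (not from the Debian bug report or the Rack project):
# decide whether an installed Rack version falls in the range named
# by the advisory, 3.1.0 <= v < 3.1.16, using Ruby's Gem::Version.
require "rubygems"

# Affected range taken from the advisory text: fixed in 3.1.16.
AFFECTED_RANGE = Gem::Requirement.new(">= 3.1.0", "< 3.1.16")

def rack_affected_by_cve_2025_49007?(version_string)
  AFFECTED_RANGE.satisfied_by?(Gem::Version.new(version_string))
end

# Extract the pinned rack version from Gemfile.lock text. In the
# "specs:" section a resolved gem sits at four-space indentation,
# "    rack (3.1.12)", while its dependencies are indented further,
# so anchoring on exactly four spaces skips "rack (>= 3.0.0)" lines.
def locked_rack_version(lockfile_text)
  m = lockfile_text.match(/^ {4}rack \(([^)]+)\)$/)
  m && m[1]
end

# Constructed sample lockfile fragment (not from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (3.1.12)
      rack-session (2.1.0)
        rack (>= 3.0.0)
LOCK

def report(lockfile_text)
  v = locked_rack_version(lockfile_text)
  return "rack not found in lockfile" unless v

  if rack_affected_by_cve_2025_49007?(v)
    "rack #{v} is in the affected range; upgrade to 3.1.16 or later"
  else
    "rack #{v} is not in the affected range"
  end
end

puts report(SAMPLE_LOCK) if $PROGRAM_NAME == __FILE__
```

Run it against a real `Gemfile.lock` with `report(File.read("Gemfile.lock"))`; pre-release strings such as `3.1.16.rc1` sort below `3.1.16` in `Gem::Version` and are therefore reported as affected, which is the conservative answer.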