---
gem: rack
cve: 2011-5036
osvdb: 78121
url: https://nvd.nist.gov/vuln/detail/CVE-2011-5036
title: |
  Rack Hash Collision Form Parameter Parsing Remote DoS
date: 2011-12-28

description: |
  Rack contains a flaw that may allow a remote denial of service. The issue is
  triggered when an attacker sends multiple crafted parameters that cause hash
  collisions, resulting in loss of availability for the program via CPU
  consumption.

cvss_v2: 5.0
patched_versions:
  - "~> 1.1.3"
  - "~> 1.2.5"
  - "~> 1.3.6"
  - ">= 1.4.0"