Search CVE reports
1 – 10 of 30 results
CVE-2024-39316
Medium priorityRack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service (ReDoS) vulnerability exists in the `Rack::Request::Helpers` module when parsing HTTP Accept...
1 affected package
ruby-rack
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-rack | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-35231
Medium priorityrack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data...
1 affected package
ruby-rack-contrib
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-rack-contrib | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-26146
Medium priorityRack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby...
1 affected package
ruby-rack
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-rack | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2024-26141
Medium priorityRack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue....
1 affected package
ruby-rack
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-rack | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2024-25126
Medium priorityRack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree...
1 affected package
ruby-rack
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-rack | Fixed | Fixed | Fixed | Not affected | Not affected |
CVE-2024-27456
Negligible priorityrack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.
1 affected package
ruby-rack-cors
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-rack-cors | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2023-27539
Medium prioritySome fixes available 6 of 8
Possible Denial of Service Vulnerability in Rack’s header parsing
1 affected package
ruby-rack
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-rack | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2023-27530
Medium prioritySome fixes available 3 of 8
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take...
1 affected package
ruby-rack
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-rack | Not affected | Fixed | Fixed | Ignored | Ignored |
CVE-2022-44572
Medium prioritySome fixes available 2 of 3
A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an...
1 affected package
ruby-rack
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-rack | Not affected | Fixed | Fixed | Not affected | Not affected |
CVE-2022-44571
Medium prioritySome fixes available 5 of 6
There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header...
1 affected package
ruby-rack
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-rack | Not affected | Fixed | Fixed | Fixed | Fixed |