Low severity · NVD Advisory · Published Feb 28, 2024 · Updated Feb 13, 2025

Possible DoS Vulnerability with Range Header in Rack

CVE-2024-26141

Description

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Applications are vulnerable if they use the Rack::File middleware or the Rack::Utils.byte_ranges method (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
rack (RubyGems) | >= 3.0.0, < 3.0.9.1 | 3.0.9.1
rack (RubyGems) | >= 1.3.0, < 2.2.8.1 | 2.2.8.1
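
To check a project against the ranges above, the following added example (not code from the advisory or from the Rack project) reads the resolved rack version out of a Gemfile.lock and reports the patched release to move to. The function names and the sample lockfile are constructed for illustration; a version in range means the fix is missing, not that the application necessarily exercises Rack::File or Rack::Utils.byte_ranges.

```ruby
# Affected ranges and patched releases, as listed in this advisory.
AFFECTED = [
  { range: Gem::Requirement.new(">= 3.0.0", "< 3.0.9.1"), fixed: "3.0.9.1" },
  { range: Gem::Requirement.new(">= 1.3.0", "< 2.2.8.1"), fixed: "2.2.8.1" }
].freeze

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.2.8)
      rack-test (2.1.0)
        rack (>= 1.3)
LOCK

# Resolved gems sit at four spaces of indentation under "specs:".
# Six-space lines are dependency constraints and must not be matched.
def resolved_rack_versions(lockfile_text)
  lockfile_text.scan(/^ {4}rack \(([^)\s]+)\)\s*$/).flatten.uniq
end

# Returns one result hash per resolved rack version found in the lockfile.
def check_rack(lockfile_text)
  versions = resolved_rack_versions(lockfile_text)
  return [{ version: nil, status: :not_found, fixed: nil }] if versions.empty?

  versions.map do |v|
    if Gem::Version.correct?(v)
      hit = AFFECTED.find { |a| a[:range].satisfied_by?(Gem::Version.new(v)) }
      { version: v, status: hit ? :affected : :not_affected, fixed: hit && hit[:fixed] }
    else
      { version: v, status: :unparsed, fixed: nil }
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  check_rack(text).each do |r|
    line = "rack #{r[:version] || '(none)'}: #{r[:status]}"
    line += ", upgrade to >= #{r[:fixed]}" if r[:fixed]
    puts line
  end
end
```

Run it with the path to a Gemfile.lock as the first argument; without one it checks the constructed sample.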
