apk package
chainguard/ruby3.2-rack-2.2
pkg:apk/chainguard/ruby3.2-rack-2.2
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-25184 | — | < 2.2.22-r0 | 2.2.22-r0 | Feb 12, 2025 | Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting | ||
| CVE-2024-26141 | — | < 2.2.8.1-r0 | 2.2.8.1-r0 | Feb 28, 2024 | Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middlewa | ||
| CVE-2024-25126 | — | < 2.2.8.1-r0 | 2.2.8.1-r0 | Feb 28, 2024 | Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 | ||
| CVE-2024-26146 | — | < 2.2.8.1-r0 | 2.2.8.1-r0 | Feb 28, 2024 | Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack appl |
- CVE-2025-25184Feb 12, 2025affected < 2.2.22-r0fixed 2.2.22-r0
Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting
- CVE-2024-26141Feb 28, 2024affected < 2.2.8.1-r0fixed 2.2.8.1-r0
Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middlewa
- CVE-2024-25126Feb 28, 2024affected < 2.2.8.1-r0fixed 2.2.8.1-r0
Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1
- CVE-2024-26146Feb 28, 2024affected < 2.2.8.1-r0fixed 2.2.8.1-r0
Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack appl
Page 2 of 2