VYPR

apk package

wolfi/ruby3.2-rack

pkg:apk/wolfi/ruby3.2-rack

Vulnerabilities (4)

  • CVE-2025-25184, Feb 12, 2025
    affected < 3.1.10-r0, fixed 3.1.10-r0

    Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting

  • CVE-2024-26141, Feb 28, 2024
    affected < 3.0.9.1-r0, fixed 3.0.9.1-r0

    Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middlewa

  • CVE-2024-25126, Feb 28, 2024
    affected < 3.0.9.1-r0, fixed 3.0.9.1-r0

    Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1

  • CVE-2024-26146, Feb 28, 2024
    affected < 3.0.9.1-r0, fixed 3.0.9.1-r0

    Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack appl