rpm package
opensuse/rubygem-rack&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/rubygem-rack&distro=openSUSE%20Leap%2015.3
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-30123 | — | < 2.0.8-150000.3.6.1 | 2.0.8-150000.3.6.1 | Dec 5, 2022 | A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. | ||
| CVE-2022-30122 | — | < 2.0.8-150000.3.6.1 | 2.0.8-150000.3.6.1 | Dec 5, 2022 | A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. | ||
| CVE-2020-8161 | — | < 2.0.8-150000.3.9.1 | 2.0.8-150000.3.9.1 | Jul 2, 2020 | A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure. | ||
| CVE-2020-8184 | — | < 2.0.8-150000.3.9.1 | 2.0.8-150000.3.9.1 | Jun 19, 2020 | A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. |
- CVE-2022-30123Dec 5, 2022affected < 2.0.8-150000.3.6.1fixed 2.0.8-150000.3.6.1
A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.
- CVE-2022-30122Dec 5, 2022affected < 2.0.8-150000.3.6.1fixed 2.0.8-150000.3.6.1
A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.
- CVE-2020-8161Jul 2, 2020affected < 2.0.8-150000.3.9.1fixed 2.0.8-150000.3.9.1
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.
- CVE-2020-8184Jun 19, 2020affected < 2.0.8-150000.3.9.1fixed 2.0.8-150000.3.9.1
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.