VYPR

rpm package

opensuse/rubygem-rack&distro=openSUSE Leap 15.3

pkg:rpm/opensuse/rubygem-rack&distro=openSUSE%20Leap%2015.3

Vulnerabilities (4)

  • CVE-2022-30123Dec 5, 2022
    affected < 2.0.8-150000.3.6.1fixed 2.0.8-150000.3.6.1

    A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.

  • CVE-2022-30122Dec 5, 2022
    affected < 2.0.8-150000.3.6.1fixed 2.0.8-150000.3.6.1

    A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.

  • CVE-2020-8161Jul 2, 2020
    affected < 2.0.8-150000.3.9.1fixed 2.0.8-150000.3.9.1

    A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.

  • CVE-2020-8184Jun 19, 2020
    affected < 2.0.8-150000.3.9.1fixed 2.0.8-150000.3.9.1

    A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.