VYPR

rpm package

opensuse/rubygem-rack&distro=openSUSE Leap 15.5

pkg:rpm/opensuse/rubygem-rack&distro=openSUSE%20Leap%2015.5

Vulnerabilities (3)

  • CVE-2024-26141 (Feb 28, 2024)
    affected < 2.0.8-150000.3.21.2; fixed 2.0.8-150000.3.21.2

    Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middlewa

  • CVE-2024-25126 (Feb 28, 2024)
    affected < 2.0.8-150000.3.21.2; fixed 2.0.8-150000.3.21.2

    Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1

  • CVE-2024-26146 (Feb 28, 2024)
    affected < 2.0.8-150000.3.21.2; fixed 2.0.8-150000.3.21.2

    Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack appl