VYPR

rpm package

opensuse/rubygem-rack&distro=openSUSE Leap 15.6

pkg:rpm/opensuse/rubygem-rack&distro=openSUSE%20Leap%2015.6

Vulnerabilities (7)

  • CVE-2025-61919Oct 10, 2025
    affected < 2.2.20-150000.3.34.1fixed 2.2.20-150000.3.34.1

    Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large

  • CVE-2025-61780Oct 10, 2025
    affected < 2.2.20-150000.3.34.1fixed 2.2.20-150000.3.34.1

    Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially crafted headers could ca

  • CVE-2025-46727May 7, 2025
    affected < 2.0.8-150000.3.31.1fixed 2.0.8-150000.3.31.1

    Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers

  • CVE-2025-32441May 7, 2025
    affected < 2.0.8-150000.3.31.1fixed 2.0.8-150000.3.31.1

    Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the

  • CVE-2025-27610Mar 10, 2025
    affected < 2.0.8-150000.3.26.1fixed 2.0.8-150000.3.26.1

    Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, `Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly. The vu

  • CVE-2025-27111Mar 4, 2025
    affected < 2.0.8-150000.3.26.1fixed 2.0.8-150000.3.26.1

    Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection. This vul

  • CVE-2025-25184Feb 12, 2025
    affected < 2.0.8-150000.3.26.1fixed 2.0.8-150000.3.26.1

    Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting