rpm package
suse/rmt-server&distro=SUSE Manager Proxy 4.3
pkg:rpm/suse/rmt-server&distro=SUSE%20Manager%20Proxy%204.3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-46727 | — | | | < 2.23-150400.3.42.1 | 2.23-150400.3.42.1 | May 7, 2025 | Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers |
| CVE-2025-32441 | — | | | < 2.23-150400.3.42.1 | 2.23-150400.3.42.1 | May 7, 2025 | Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the |
| CVE-2024-28103 | — | | | < 2.17-150400.3.25.1 | 2.17-150400.3.25.1 | Jun 4, 2024 | Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3. |