VYPR

rpm package

suse/rubygem-rack&distro=SUSE Linux Enterprise High Availability Extension 15 SP7

pkg:rpm/suse/rubygem-rack&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP7

Vulnerabilities (4)

  • CVE-2025-61919Oct 10, 2025
    affected < 2.2.20-150000.3.34.1fixed 2.2.20-150000.3.34.1

    Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large

  • CVE-2025-61780Oct 10, 2025
    affected < 2.2.20-150000.3.34.1fixed 2.2.20-150000.3.34.1

    Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially crafted headers could ca

  • CVE-2025-46727May 7, 2025
    affected < 2.0.8-150000.3.31.1fixed 2.0.8-150000.3.31.1

    Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers

  • CVE-2025-32441May 7, 2025
    affected < 2.0.8-150000.3.31.1fixed 2.0.8-150000.3.31.1

    Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the