rpm package
suse/rubygem-rack-1_4&distro=SUSE Linux Enterprise Module for Containers 12
pkg:rpm/suse/rubygem-rack-1_4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-26141 | — | < 1.4.5-9.3.1 | 1.4.5-9.3.1 | Feb 28, 2024 | Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middlewa | ||
| CVE-2024-25126 | — | < 1.4.5-9.3.1 | 1.4.5-9.3.1 | Feb 28, 2024 | Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 | ||
| CVE-2024-26146 | — | < 1.4.5-9.3.1 | 1.4.5-9.3.1 | Feb 28, 2024 | Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack appl | ||
| CVE-2015-3225 | — | < 1.4.5-8.10 | 1.4.5-8.10 | Jul 26, 2015 | lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth. |
- CVE-2024-26141Feb 28, 2024affected < 1.4.5-9.3.1fixed 1.4.5-9.3.1
Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middlewa
- CVE-2024-25126Feb 28, 2024affected < 1.4.5-9.3.1fixed 1.4.5-9.3.1
Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1
- CVE-2024-26146Feb 28, 2024affected < 1.4.5-9.3.1fixed 1.4.5-9.3.1
Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack appl
- CVE-2015-3225Jul 26, 2015affected < 1.4.5-8.10fixed 1.4.5-8.10
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.