VYPR

rpm package

suse/rubygem-rack-1_4&distro=SUSE Linux Enterprise Module for Containers 12

pkg:rpm/suse/rubygem-rack-1_4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012

Vulnerabilities (4)

  • CVE-2024-26141 (Feb 28, 2024)
    affected < 1.4.5-9.3.1; fixed 1.4.5-9.3.1

    Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middlewa

  • CVE-2024-25126 (Feb 28, 2024)
    affected < 1.4.5-9.3.1; fixed 1.4.5-9.3.1

    Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDoS 2nd degree polynomial). This vulnerability is patched in 3.0.9.1

  • CVE-2024-26146 (Feb 28, 2024)
    affected < 1.4.5-9.3.1; fixed 1.4.5-9.3.1

    Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack appl

  • CVE-2015-3225 (Jul 26, 2015)
    affected < 1.4.5-8.10; fixed 1.4.5-8.10

    lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.