Rack

All CVEs

52 total · sorted by risk
  • CVE-2013-0262 · Feb 8, 2013
    risk 0.00 · cvss · epss 0.03

    rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka…

  • CVE-2011-5036 · Dec 30, 2011
    risk 0.00 · cvss · epss 0.04

    Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted…

Page 2 of 2