
75 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in jetty9

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, as well as 10.0.0 and 11.0.0, when Jetty handles a request containing multiple Accept headers with a large number of “quality” i.e., q parameters, the server may enter a Denial-of-Service DoS state due to high CPU usage in processing...

CVSS 5.3, AI score 6.7, EPSS 0.33816
Exploits: 0, References: 2

CNNVD
added 2026/05/04 12:0 a.m., 6 views

@fastify/accepts-serializer security vulnerability

@fastify/accepts-serializer is a plugin developed by Fastify, which automatically selects a serialization method based on the Accept header. Versions of @fastify/accepts-serializer up to 6.0.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size limits or evicti...

CVSS 7.5, AI score 5.8, EPSS 0.00048
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:3 a.m., 15 views

CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVSS 7.5, AI score 6.8, EPSS 0.00833
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-1076

Malware in sbrugna...

CVSS 7.5, AI score 6.2, EPSS 0.00677
Exploits: 1, References: 11

Tenable Nessus
added 2025/08/20 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-7284

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. Wh...

CVSS 7.5, AI score 7.3, EPSS 0.65243
Exploits: 5, References: 2

CISA KEV Catalog
added 2025/07/07 12:0 a.m., 7 views

Rails Ruby on Rails Path Traversal Vulnerability

Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to render file: can cause arbitrary files on the target server to be rendered, disclosing the file contents...

CVSS 7.5, AI score 7.2, EPSS 0.94318
In wild, Exploits: 18

VulnCheck KEV
added 2025/07/07 12:0 a.m., 1 views

VulnCheck KEV: CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...

CVSS 7.5, AI score 7.3, EPSS 0.94318
In wild, Exploits: 18, References: 5

OSV
added 2025/06/27 1:16 p.m., 1 views

OESA-2025-1686 rubygem-rack security update

Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...

CVSS 7.5, AI score 6.8, EPSS 0.00775
Exploits: 0, References: 2

Github Security Blog
added 2024/07/03 5:3 p.m., 31 views

Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted Accept-Encoding or Accept-Language headers, causing the server to spend...

CVSS 6.5, AI score 6.8, EPSS 0.00833
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2024/07/03 5:3 p.m., 19 views

GHSA-CJ83-2WW7-MVQ7 Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted Accept-Encoding or Accept-Language headers, causing the server to spend...

CVSS 6.5, AI score 6.4, EPSS 0.00833
Exploits: 0, References: 7

SUSE CVE
added 2024/07/03 3:14 a.m., 1 views

SUSE CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVSS 6.5, AI score 7.5, EPSS 0.00833
Exploits: 0, References: 3

RubySec
added 2024/07/03 12:0 a.m., 20 views

Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted Accept-Encoding or Accept-Language headers, causing the server to spend...

CVSS 6.5, AI score 7.1, EPSS 0.00833
Exploits: 0, References: 1, Affected Software: 1

UbuntuCve
added 2024/07/02 4:15 p.m., 40 views

CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVSS 6.5, AI score 5.9, EPSS 0.00833
Exploits: 0, References: 4

OSV
added 2024/07/02 4:15 p.m., 0 views

UBUNTU-CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVSS 6.5, AI score 5.8, EPSS 0.00833
Exploits: 0, References: 5

Vulnrichment
added 2024/07/02 3:57 p.m., 28 views

CVE-2024-39316 Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVSS 6.5, AI score 6.4, EPSS 0.00833
Exploits: 0, References: 3

Cvelist
added 2024/07/02 3:57 p.m., 31 views

CVE-2024-39316 Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVSS 6.5, EPSS 0.00833
Exploits: 0, References: 3

CVE
added 2024/07/02 3:57 p.m., 61 views

CVE-2024-39316

Rack is a modular Ruby web server interface. A ReDoS vulnerability exists in Rack::Request::Helpers when parsing HTTP Accept headers, affecting Rack 3.1.0 up to, but not including, 3.1.5. An attacker can trigger excessive server processing by sending specially crafted Accept-Encoding or Accept-La...

CVSS 6.5, AI score 5.8, EPSS 0.00833
Exploits: 0, References: 3, Affected Software: 1

Debian CVE
added 2024/07/02 3:57 p.m., 20 views

CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVSS 6.5, AI score 5.4, EPSS 0.00833
Exploits: 0

Hacker One
added 2024/07/02 7:17 a.m., 11 views

Internet Bug Bounty: ReDoS Vulnerability in HTTP Accept Headers Parsing

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Rack::Request::Helpers module when parsing HTTP Accept headers. The vulnerability was caused by a lack of fix in the Rack v3.1 release series until v3.1.5...

CVSS 6.5, AI score 6.6, EPSS 0.00833
Exploits: 0

Positive Technologies
added 2024/02/28 12:0 a.m., 3 views

PT-2024-28440 · Rack · Rack

Name of the Vulnerable Software and Affected Versions: Rack versions 3.1.0 through 3.1.4 Rack versions prior to 2.0.9.4 Rack versions prior to 2.1.4.4 Rack versions prior to 2.2.8.1 Rack versions prior to 3.0.9.1 Description: A Regular Expression Denial of Service ReDoS vulnerability exists in th...

CVSS 7.5, AI score 6, EPSS 0.00833
Exploits: 0, References: 22