12 matches found
Ruby Rack 3.2.x < 3.2.6 Header Injection Vulnerability
The version of the Rack Ruby library installed on the remote host is 3.2.0 or later but prior to 3.2.6. It is, therefore, affected by a header injection vulnerability: - Rack::Multipart::Parser unfolds folded multipart part headers incorrectly, preserving embedded CRLF in parsed parameter values...
Ruby Rack < 2.2.23 / 3.0.x < 3.1.21 / 3.2 < 3.2.6 Multiple Vulnerabilities
The version of the Rack Ruby library installed on the remote host is prior to 2.2.23, prior to 3.1.21, or prior to 3.2.6. It is, therefore, affected by multiple vulnerabilities: - Rack::Utils.getbyteranges parses HTTP Range header without limiting the number of individual byte ranges, leading to...
Denial of Service (DoS)
Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...
CVE-2026-26962
Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...
UBUNTU-CVE-2025-61772
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory witho...
USN-6689-1 ruby-rack vulnerabilities
It was discovered that Rack incorrectly parse some headers. An attacker could possibly use this issue to cause a denial of service. CVE-2023-27539, CVE-2024-26141, CVE-2024-26146...
rubygem-rack: Denial of service in Multipart MIME parsing
A flaw was found in rubygem-rack. This issue occurs in the Multipart MIME parsing code in Rack, which limits the number of file parts but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than...
UBUNTU-CVE-2023-27539
There is a denial of service vulnerability in the header parsing component of Rack...
Regular Expression Denial of Service (ReDoS)
Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...
CVE-2015-3225
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth...
CVE-2015-3225
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth...
UBUNTU-CVE-2013-0184
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."...