14147 matches found
CVE-2026-34826 vulnerabilities
Vulnerabilities for packages: ruby3.4-rack, ruby4.0-rack, gitlab-cng, pact-broker-docker-fips, ruby3.2-rails, ruby3.3-rack, logstash, gitlab-rails-ce, ruby3.4-rails, ruby3.2-rack, gitlab-rails-ce-fips, kube-fluentd-operator, pact-broker-docker...
CVE-2026-32762 vulnerabilities
Vulnerabilities for packages: pact-broker-docker-fips, ruby3.2-rails, logstash, ruby3.4-rails, kube-fluentd-operator, pact-broker-docker...
GHSA-8VQR-QJWX-82MW vulnerabilities
Vulnerabilities for packages: ruby3.4-rack, ruby4.0-rack, gitlab-cng, pact-broker-docker-fips, ruby3.2-rails, ruby3.3-rack, logstash, gitlab-rails-ce, ruby3.4-rails, ruby3.2-rack, gitlab-rails-ce-fips, kube-fluentd-operator, pact-broker-docker...
CVE-2026-34786 vulnerabilities
Vulnerabilities for packages: ruby3.4-rack, ruby4.0-rack, gitlab-cng, pact-broker-docker-fips, ruby3.2-rails, ruby3.3-rack, logstash, gitlab-rails-ce, ruby3.4-rails, ruby3.2-rack, gitlab-rails-ce-fips, kube-fluentd-operator, pact-broker-docker...
CVE-2026-26961 vulnerabilities
Vulnerabilities for packages: ruby3.4-rack, ruby4.0-rack, gitlab-cng, pact-broker-docker-fips, ruby3.2-rails, ruby3.3-rack, logstash, gitlab-rails-ce, ruby3.4-rails, ruby3.2-rack, gitlab-rails-ce-fips, kube-fluentd-operator, pact-broker-docker...
CVE-2026-34831 vulnerabilities
Vulnerabilities for packages: ruby3.4-rack, ruby4.0-rack, gitlab-cng, pact-broker-docker-fips, ruby3.2-rails, ruby3.3-rack, logstash, gitlab-rails-ce, ruby3.4-rails, ruby3.2-rack, gitlab-rails-ce-fips, kube-fluentd-operator, pact-broker-docker...
CVE-2026-34827 vulnerabilities
Vulnerabilities for packages: pact-broker-docker-fips, ruby3.2-rails, logstash, ruby3.4-rails, kube-fluentd-operator, pact-broker-docker...
GHSA-RX22-G9MX-QRHV vulnerabilities
Vulnerabilities for packages: pact-broker-docker-fips, ruby3.2-rails, ruby3.4-rails, pact-broker-docker...
GHSA-Q4QF-9J86-F5MH vulnerabilities
Vulnerabilities for packages: ruby3.4-rack, ruby4.0-rack, gitlab-cng, pact-broker-docker-fips, ruby3.2-rails, ruby3.3-rack, logstash, gitlab-rails-ce, ruby3.4-rails, ruby3.2-rack, gitlab-rails-ce-fips, kube-fluentd-operator, pact-broker-docker...
GHSA-V6X5-CG8R-VV6X vulnerabilities
Vulnerabilities for packages: pact-broker-docker-fips, ruby3.2-rails, logstash, ruby3.4-rails, kube-fluentd-operator, pact-broker-docker...
GHSA-VPFW-47H7-XJ4G vulnerabilities
Vulnerabilities for packages: ruby3.4-rack, ruby4.0-rack, ruby3.3-rack, ruby3.2-rack...
GHSA-625H-95R8-8XPM vulnerabilities
Vulnerabilities for packages: ruby3.4-rack, ruby4.0-rack, ruby3.3-rack, ruby3.2-rack...
SUSE CVE-2026-34230
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...
SUSE CVE-2026-34763
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Ruby vulnerability (USN-8137-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8137-1 advisory. It was discovered that the Ruby URI gem did not properly handle sensitive information when combining URIs....
EUVD-2026-18478
Rack::Request accepts invalid Host characters, enabling host allowlist bypass...
EUVD-2026-18474
Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters...
CVE-2026-34835
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...
CVE-2026-26962
Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...
CVE-2026-32762
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwardedvalues parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons...