Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-34785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static...

7.5CVSS6.9AI score0.00387EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.4 views

PT-2026-29812

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack::Static uses a simple string prefix check to determine if a request should be served as a static file. When configured with URL prefixes like "/css", it matches any request path...

7.8CVSS5.9AI score0.00387EPSS
Exploits0References54
RedHat Linux
RedHat Linux
added 2018/08/14 7:51 p.m.5 views

spark: Absolute and relative pathnames allow for unintended static file disclosure

In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...

5.3CVSS5.9AI score0.046EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/06/26 4:40 p.m.9 views

spark: Absolute and relative pathnames allow for unintended static file disclosure

In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...

5.3CVSS5.9AI score0.046EPSS
Exploits0References4
Rows per page
Query Builder