Lucene search
K

10 matches found

SUSE CVE
SUSE CVE
added 2026/04/03 11:25 p.m.5 views

SUSE CVE-2026-32762

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwardedvalues parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons...

6.5CVSS5.7AI score0.00179EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.8 views

SUSE CVE-2026-34827

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 8:31 p.m.6 views

EUVD-2026-18423

Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing...

4.8CVSS5.8AI score0.00179EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 6:16 p.m.4 views

CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

6.5CVSS0.00192EPSS
Exploits2References1
OSV
OSV
added 2026/04/02 6:16 p.m.4 views

DEBIAN-CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

6.5CVSS5.3AI score0.00192EPSS
Exploits2References1
NVD
NVD
added 2026/04/02 5:16 p.m.7 views

CVE-2026-34829

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...

7.5CVSS0.00369EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/02 4:44 p.m.3 views

CVE-2026-34785 Rack: Local file inclusion in `Rack::Static` via URL Prefix Matching

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

7.5CVSS5.7AI score0.00387EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.4 views

PT-2026-29810

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If the root path contains regex metacharacters su...

7.5CVSS5.9AI score0.0043EPSS
Exploits0References54
OSV
OSV
added 2024/06/08 5:15 p.m.3 views

CVE-2024-21748

Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21...

5.4CVSS7.3AI score0.00296EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/06/08 12:0 a.m.5 views

PT-2024-19035 · Icegram · Icegram

Name of the Vulnerable Software and Affected Versions: Icegram versions 3.1.21 and earlier Description: The issue is related to a Missing Authorization vulnerability in Icegram. This vulnerability allows unauthorized access. Recommendations: For Icegram versions 3.1.21 and earlier, at the moment,...

5.4CVSS6.7AI score0.00296EPSS
Exploits0References7
Rows per page
Query Builder