10 matches found
SUSE CVE-2026-32762
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwardedvalues parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons...
SUSE CVE-2026-34827
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with...
EUVD-2026-18423
Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing...
CVE-2026-34835
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...
DEBIAN-CVE-2026-34835
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...
CVE-2026-34829
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...
CVE-2026-34785 Rack: Local file inclusion in `Rack::Static` via URL Prefix Matching
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...
PT-2026-29810
Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If the root path contains regex metacharacters su...
CVE-2024-21748
Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21...
PT-2024-19035 · Icegram · Icegram
Name of the Vulnerable Software and Affected Versions: Icegram versions 3.1.21 and earlier Description: The issue is related to a Missing Authorization vulnerability in Icegram. This vulnerability allows unauthorized access. Recommendations: For Icegram versions 3.1.21 and earlier, at the moment,...