EUVD-2026-18378

Rack has quadratic complexity in Rack::Utils.selectbestencoding via wildcard Accept-Encoding header...

UBUNTU-CVE-2026-34230

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...

CVE-2026-34230 Rack: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...

Integer Overflow lead to DOS in handling Accept-Encoding header in API /v2/models/<model-name>/generate

This report is not public...

EUVD-2003-0833

Malware in sbrugna...

EUVD-2018-0581

Malware in sbrugna...

Incorrect Input Validation

Apache Traffic Server is vulnerable to Incorrect Input Validation. The vulnerability is caused due to Invalid Accept-Encoding header. This can lead to fail cache lookup and force forwarding requests...

DEBIAN-CVE-2024-35296

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...

UBUNTU-CVE-2024-35296

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...

PT-2024-5532 · Apache · Apache Traffic Server

Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 8.1.10 Apache Traffic Server versions 9.0.0 through 9.2.4 Description: The issue is related to insufficient input validation, allowing a remote attacker to execute arbitrary requests using the HTTP...

GHSA-CQJG-WHMM-8GV6 Denial of Service via malformed accept-encoding header in hapi

Affected versions of hapi will crash or lock the event loop when a malformed accept-encoding header is recieved. Recommendation Update to version 16.1.1 or later...

Denial Of Service (DoS)

hapi is vulnerable to denial of service DoS attacks. A malicious user can send a malicious accept-encoding header to the system that causes the library to crash or the client to hang until the timeout period is reached...