Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted Accept-Encoding or Accept-Language headers, causing the server to spend...

GHSA-CJ83-2WW7-MVQ7 Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted Accept-Encoding or Accept-Language headers, causing the server to spend...

SUSE CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted Accept-Encoding or Accept-Language headers, causing the server to spend...

Regular Expression Denial of Service (ReDoS)

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

UBUNTU-CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVE-2024-39316 Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVE-2024-39316 Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVE-2024-39316

Rack is a modular Ruby web server interface. A ReDoS vulnerability exists in Rack::Request::Helpers when parsing HTTP Accept headers, affecting Rack 3.1.0 up to, but not including, 3.1.5. An attacker can trigger excessive server processing by sending specially crafted Accept-Encoding or Accept-La...

CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

Internet Bug Bounty: ReDoS Vulnerability in HTTP Accept Headers Parsing

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Rack::Request::Helpers module when parsing HTTP Accept headers. The vulnerability was caused by a lack of fix in the Rack v3.1 release series until v3.1.5...

CVE-2024-38272

There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We...

CVE-2024-38272 Auth Bypass in Quick Share

There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We...

SUSE CVE-2024-36484

In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/afinet.c:761 inetaccept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not tainted...

CVE-2024-36484

In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/afinet.c:761 inetaccept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not tainted...

DEBIAN-CVE-2024-36484

In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/afinet.c:761 inetaccept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not tainted...

UBUNTU-CVE-2024-36484

In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/afinet.c:761 inetaccept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not tainted...

CVE-2024-36484 net: relax socket state check at accept time.

In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/afinet.c:761 inetaccept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not tainted...

CVE-2024-36484 net: relax socket state check at accept time.

In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/afinet.c:761 inetaccept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not tainted...