10 matches found
openSUSE Security Update : rubygem-rack (openSUSE-2019-1553)
This update for rubygem-rack fixes the following issues : Security issued fixed : - CVE-2018-16471: Fixed a cross-site scripting vulnerability via 'scheme' method bsc1116600. This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
openSUSE: Security Advisory for rubygem-rack (openSUSE-SU-2019:1553-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2019:1440-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: Security issued fixed: - CVE-2018-16471: Fixed a cross-site scripting vulnerability via 'scheme' method bsc1116600...
Fedora 29 : 1:rubygem-rack (2018-e8ff8b7f8e)
Buffer size in multipart parser allows for denial of service CVE-2018-16470. - Cross-site scripting XSS via scheme method on Rack::Request CVE-2018-16471. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
Fedora 28 : 1:rubygem-rack (2018-02e965a729)
Buffer size in multipart parser allows for denial of service CVE-2018-16470. - Cross-site scripting XSS via scheme method on Rack::Request CVE-2018-16471. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
[SECURITY] [DLA 1585-1] ruby-rack security update
Package : ruby-rack Version : 1.5.2-3+deb8u2 CVE ID : CVE-2018-16471 Debian Bug : 913005 It was discovered that there was an XSS vulnerability in the ruby-rack web-server library. A malicious request could impact the HTTP/HTTPS scheme being returned to the underlying application. For Debian 8...
MGASA-2018-0449 Updated ruby-rack packages fix security vulnerability
There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request.Applications that expect the scheme to be limited to "http" or "https" and do not escape the return value could be vulnerable to an XSS attack CVE-2018-1647...
CVE-2018-16471
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...
CVE-2018-16471
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...
Possible XSS vulnerability in Rack
There is a possible vulnerability in Rack. This vulnerability has been assigned the CVE identifier CVE-2018-16471. Versions Affected: All. Not affected: None. Fixed Versions: 2.0.6, 1.6.11 Impact ------ There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data...