19 matches found
SUSE CVE-2026-34230
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...
Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header
Summary Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a response encoding, an unauthenticated attacker can send a single request with a crafted...
GHSA-V569-HP3G-36WR Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header
Summary Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a response encoding, an unauthenticated attacker can send a single request with a crafted...
CVE-2026-34230
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...
DEBIAN-CVE-2026-34230
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...
UBUNTU-CVE-2026-34230
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...
CVE-2026-34230
Rack: Quadratic-time vulnerability in Rack::Utils.select_best_encoding when Accept-Encoding contains many wildcard entries. An unauthenticated attacker can craft a header to trigger disproportionate CPU usage on Rack::Deflater, causing DoS. Affected versions: < 2.2.23, < 3.1.21,
CVE-2026-34230
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...
CVE-2026-34230 Rack: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...
CVE-2026-34230 Rack: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...
PT-2026-29809
Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack::Utils.select best encoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by...
Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header
Summary Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a response encoding, an unauthenticated attacker can send a single request with a crafted...
OpenJDK Inflater/Deflater clone issues (6745393)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than...
Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 (java-1.6.0-openjdk)
Check for the Version of java-1.6.0-openjdk OpenVAS Vulnerability Test Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 java-1.6.0-openjdk Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 (java-1.6.0-openjdk)
Check for the Version of java-1.6.0-openjdk OpenVAS Vulnerability Test Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 java-1.6.0-openjdk Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
OpenJDK Inflater/Deflater clone issues (6745393)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than...
Ubuntu Update for openjdk-6 vulnerabilities USN-923-1
Ubuntu Update for Linux kernel vulnerabilities USN-923-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9231.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for openjdk-6 vulnerabilities USN-923-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
OpenJDK Inflater/Deflater clone issues (6745393)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than...
OpenJDK Inflater/Deflater clone issues (6745393)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than...