
5 matches found

Cvelist
added 2024/02/28 11:28 p.m. | 27 views

CVE-2024-25126 Rack ReDos in content type parsing (2nd degree polynomial)

Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1...

CVSS 5.3 | AI score 5.5 | EPSS 0.0045
Exploits: 1 | References: 7

OpenVAS
added 2023/01/31 12:0 a.m. | 21 views

Debian: Security Advisory (DLA-3298-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.6 | AI score 6.7 | EPSS 0.03121
Exploits: 1 | References: 4

Ubuntu
added 2022/12/13 11:33 a.m. | 108 views

USN-5253-1: Rack vulnerabilities

It was discovered that Rack insecurely handled session ids. An unauthenticated remote attacker could possibly use this issue to perform a timing attack and hijack sessions. (CVE-2019-16782) It was discovered that Rack was incorrectly handling cookies during parsing, not validating them or performin...

CVSS 10 | AI score 7.7 | EPSS 0.02323
Exploits: 1

OpenVAS
added 2015/07/30 12:0 a.m. | 11 views

Debian: Security Advisory (DSA-3322-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5 | AI score 6.5 | EPSS 0.13251
Exploits: 0 | References: 3

OpenVAS
added 2013/10/21 12:0 a.m. | 32 views

Debian Security Advisory DSA 2783-1 (librack-ruby - several vulnerabilities)

Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2011-5036 Rack computes hash values for form parameters without restricting the ability to trigger hash collisions...

CVSS 5.1 | AI score 1.4 | EPSS 0.16071
Exploits: 1 | References: 1