6 matches found
PT-2026-2140
Name of the Vulnerable Software and Affected Versions: Snuffleupagus versions prior to 0.13.0
Description: Snuffleupagus is a module designed to increase the cost of attacks against websites by eliminating bug classes and offering a virtual patching system. In deployments of Snuffleupagus before...
USN-5896-1 ruby-rack vulnerabilities
It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of...
USN-5896-1: Rack vulnerabilities
It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of...
CVE-2022-30122
A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a denial of service...
Regular Expression Denial Of Service (ReDoS)
Rack is vulnerable to regular expression denial of service. The vulnerability exists because the BROKENQUOTED and BROKENUNQUOTED attributes in the Multipart module of multipart.rb do not properly restrict the broken mime parser, allowing an attacker to crash the application by providing malicio...
CVE-2012-4528
The modsecurity2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data...