6 matches found
Rack 安全漏洞
Rack is a modular Ruby web server interface developed by Rack authors. Vulnerabilities exist in versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6. These vulnerabilities stem from Rack::Utils.selectbestencoding, which has a quadratic time complexity when processing Accept-Encoding headers...
Rack 安全漏洞
Rack is a modular Ruby web server interface developed by Rack authors. Vulnerabilities exist in versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6. These vulnerabilities stem from Rack::Staticapplicablerules’ evaluation of header rules for PATHINFO when the original URL is encoded. The underlyin...
Rack 资源管理错误漏洞
Rack is a modular Ruby web server interface open-sourced by Rack. A resource management error vulnerability exists in Rack versions prior to 2.2.19, prior to 3.1.17, and prior to 3.2.2, which stems from Rack::Multipart::Parser storing non-document form fields entirely in memory, potentially leadi...
Rack Security Vulnerabilities
Rack is the modular Ruby web server interface. A security vulnerability in Rack versions prior to 2.0.9.4, prior to 2.1.4.4, prior to 2.2.8.1, and prior to 3.0.9.1 stems from a carefully crafted header that could cause Rack's media type parser to take longer than expected, resulting in a denial o...
Rack Resource Management Error Vulnerability
Rack is a modular Ruby web server interface. A resource management error vulnerability exists in Rack versions prior to 3.0.9.1, 2.2.8.1, and 2.2.8.1, which stems from a crafted Range header that may cause the server to respond abnormally, resulting in a denial of service...
SUSE CVE-2020-8161
A directory traversal vulnerability exists in rack 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure...