Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/04/02 8:32 p.m.7 views

Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header

Summary Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a response encoding, an unauthenticated attacker can send a single request with a crafted...

7.5CVSS6.6AI score0.0043EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/02 4:41 p.m.6 views

CVE-2026-34230

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...

5.3CVSS5.7AI score0.0043EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/02 4:41 p.m.21 views

CVE-2026-34230

Rack is a modular Ruby web server interface. CVE-2026-34230 describes a denial-of-service risk where Rack::Utils.select_best_encoding enters quadratic time on Accept-Encoding headers with many wildcard entries, enabling an unauthenticated attacker to exhaust CPU in the Rack::Deflater path. The is...

7.5CVSS5.7AI score0.0043EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/04/02 12:0 a.m.9 views

Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header

Summary Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a response encoding, an unauthenticated attacker can send a single request with a crafted...

7.5CVSS6.5AI score0.01996EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder