MiracleLinux 8 : pcs-0.10.18-2.el8_10.7.ML.1 (AXSA:2025-11087:08)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11087:08 advisory. rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters CVE-2025-59830 rack: Rack's...
RockyLinux 9 : pcs (RLSA-2025:19512)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:19512 advisory. rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters CVE-2025-59830 rack: Rack's unbound...
Oracle Linux 10 : pcs (ELSA-2025-19513)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-19513 advisory. 0.12.0-3.0.1.el10_0.3 - Fixed CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772, CVE-2025-61919 by updating bundled rubygem rack Resolves...
Oracle Linux 9 : pcs (ELSA-2025-19512)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-19512 advisory. 0.11.9-2.el9_6.2 - Fixed CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772, CVE-2025-61919 by updating bundled rubygem rack Resolves:...
ruby3.4-rubygem-rack-2.2-2.2.19-1.1 on GA media (moderate)
ruby3.4-rubygem-rack-2.2-2.2.19-1.1 on GA media Announcement ID: openSUSE-SU-2025:15621-1 Rating: moderate Cross-References: CVE-2025-61770 CVE-2025-61771 CVE-2025-61772 CVSS scores: CVE-2025-61770 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-61770 SUSE : 8.7...
Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: CVE-2025-46727: possible memory exhaustion due to unbounded parameter parsing in Rack::QueryParser (bsc#1242894). CVE-2025-32441: deleted sessions can be restored and occupied by unauthenticated users when the Rack::Session::Pool middleware is...
Security update for rubygem-rack-1_6
This update for rubygem-rack-1_6 fixes the following issues: CVE-2025-27111: Fixed Escape Sequence Injection vulnerability (bsc#1238607) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run th...
SUSE-SU-2025:1492-1 Security update for rubygem-rack-1_6
This update for rubygem-rack-1_6 fixes the following issues: - CVE-2025-27111: Fixed Escape Sequence Injection vulnerability (bsc#1238607)...
rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing
A denial of service (DoS) vulnerability was found in rubygem-rack in how it parses headers. Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. Accept and Forwarded headers are impacted...
GHSA-V6J3-7JRW-HQ2P Rack Gem Subject to Denial of Service via Hash Collisions
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters...
rubygem-rack: hijack sessions by using timing attacks targeting the session id
A flaw was found in rubygem-rack in versions prior to 1.6.12 and 2.0.8. An information leak may allow an attacker to find and hijack sessions using timing attacks targeting the session ID. The highest threat from the vulnerability is to data confidentiality...
Security Bulletin: Aspera on Cloud CVE-2020-8184
Summary A reliance on cookies without validation/integrity check security vulnerability exists in rack 2.2.3, rack 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix. Prior to discovery of this vulnerability, Aspera on Cloud used rack gem V2.2.2. Once the...
CVE-2019-16782
There's a possible information leak / session hijack vulnerability in Rack RubyGem rack. This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a...
rubygem-rack: receiving excessively long lines triggers out-of-memory error
multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet...
rubygem-rack: Rack::Auth::AbstractRequest DoS
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."...