16 matches found
Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex
Summary: Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.15. Vulnerability Details: CVEID: CVE-2026-22860 DESCRIPTION: Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the...
[SECURITY] Fedora 41 Update: rubygem-rack-2.2.21-1.fc41
Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...
OESA-2025-1686 rubygem-rack security update
Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...
The vulnerability of the Ruby interpreter’s Rack module’s interface allows a hacker to trigger a service failure.
The vulnerability of the Ruby interpreter’s Rack module interface is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the Ruby interpreter’s Rack module’s interface allows a hacker to gain unauthorized access and modify protected information.
The vulnerability of the Ruby interpreter’s Rack module interface is related to the failure to handle CRLF sequences properly. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access and modify protected information...
The vulnerability of the Ruby interpreter’s Rack module interface allows attackers to influence the integrity of the protected information.
The vulnerability of the Ruby interpreter’s Rack module interface is related to improper processing of output data for registration logs. Exploiting this vulnerability allows an attacker to influence the integrity of the protected information...
The vulnerability of the Range header analysis component in the module interface between web servers and web applications in Rack architecture allows an attacker to cause a service failure.
The vulnerability of the Range header analysis component in the module interface between web servers and web applications in Rack relates to the processing of input data, which can take an unexpected amount of time. Exploiting this vulnerability may allow a malicious actor to cause service failur...
The vulnerability of the Ruby interpreter’s Rack module’s interface allows a hacker to trigger a service failure.
The vulnerability of the Ruby interpreter’s Rack module interface is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...
PT-2024-1926
Name of the Vulnerable Software and Affected Versions: Rack versions 1.3.0 through 3.0.9 and 2.2.8.1. Description: Rack is a modular Ruby web server interface. A denial of service (DoS) vulnerability exists due to improper handling of Range headers. Carefully crafted Range headers can cause the serve...
SUSE CVE-2012-2660
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
SUSE CVE-2012-2694
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
Database-query Authentication Bypass
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
Action Pack contains database-query restrictions bypass
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to...
rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660)
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
Race condition
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...