Lucene search

33 matches found

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-0324

Malware in sbrugna...

CVSS 6.4, AI score 6, EPSS 0.00512
Exploits 0, References 23
EUVD
added 2025/10/03 8:07 p.m., 1 views

EUVD-2025-6155

Malicious code in bioql PyPI...

CVSS 6.9, AI score 6.4, EPSS 0.00668
Exploits 0, References 7
EUVD
added 2025/10/03 8:07 p.m., 1 views

EUVD-2024-1519

Malicious code in bioql PyPI...

CVSS 8.6, AI score 8.5, EPSS 0.00131
Exploits 0, References 5
Gitee
added 2025/09/14 2:00 a.m., 81 views

disable_eval

This is a Ruby gem called "disable_eval" that provides a method to protect against eval-related security vulnerabilities. The gem is designed to prevent remote code execution (RCE) attacks by disabling the eval method and its variants. The gem provides two main components: 1. A Rack middleware that...

AI score 8.1
Exploits 0
Veracode
added 2025/03/10 12:18 p.m., 4 views

Log Injection

Rack is vulnerable to log injection. The vulnerability is due to the Rack::Sendfile middleware logging unsanitized header values from the X-Sendfile-Type header, allowing an attacker to inject escape sequences into logs...

CVSS 7.5, AI score 7.4, EPSS 0.00668
Exploits 0, References 8, Affected software 1
Tenable Nessus
added 2025/03/06 12:00 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2025-27111

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can explo...

CVSS 7.5, AI score 6.2, EPSS 0.00668
Exploits 0, References 2
NVD
added 2025/03/04 4:15 p.m., 3 views

CVE-2025-27111

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

CVSS 7.5, EPSS 0.00668
Exploits 0, References 5
Debian CVE
added 2025/03/04 3:26 p.m., 3 views

CVE-2025-27111

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

CVSS 7.5, AI score 6.7, EPSS 0.00668
Exploits 0
Cvelist
added 2025/03/04 3:26 p.m., 14 views

CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

CVSS 6.9, EPSS 0.00668
Exploits 0, References 4
OSV
added 2025/03/04 3:26 p.m., 9 views

CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

CVSS 6.9, AI score 6.2, EPSS 0.00668
Exploits 0, References 7
RubySec
added 2025/03/04 12:00 a.m., 14 views

Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...

CVSS 7.5, AI score 7.2, EPSS 0.00668
Exploits 0, References 1, Affected software 1
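
The CVE-2025-27111 entries above (Veracode, Nessus, NVD, Debian, Cvelist, OSV and RubySec) all describe the same mechanism: a request header is written to the log verbatim, so a newline in it forges a second log line and an ESC byte can drive a terminal reading the log. The following Ruby is an added illustration written for this page; it is not Rack's own code or fix. The log message text, the helper names and the sample header are constructed assumptions that model the pattern, not Rack's exact strings.

```ruby
# Added example (not Rack code): detect and neutralise escape-sequence
# injection in an attacker-controlled header before it reaches a log.

# Any control byte in a header value can alter log structure: \r and \n start
# a forged line, \e (ESC) begins an ANSI terminal sequence, \x00 truncates
# C-string based consumers.
CONTROL_CHARS = /[\x00-\x1f\x7f]/

# True when writing the value verbatim would change the log's structure.
def log_injection?(value)
  value.to_s.match?(CONTROL_CHARS)
end

# Replace each control byte with a visible, single-line escape so the value
# always occupies exactly one log line and cannot emit terminal sequences.
def sanitize_for_log(value)
  value.to_s.gsub(CONTROL_CHARS) do |ch|
    case ch
    when "\n" then '\n'
    when "\r" then '\r'
    when "\t" then '\t'
    when "\e" then '\e'
    else format('\x%02X', ch.ord)
    end
  end
end

# Models the vulnerable pattern: the header value is interpolated as-is
# (hypothetical message text, not Rack's exact wording).
def vulnerable_log_line(sendfile_type)
  "Unknown x-sendfile variation: '#{sendfile_type}'"
end

# Hardened: the same message, with the value escaped first.
def safe_log_line(sendfile_type)
  "Unknown x-sendfile variation: '#{sanitize_for_log(sendfile_type)}'"
end

# Constructed sample: an X-Sendfile-Type value that tries to forge an
# unrelated, trustworthy-looking log entry on the next line.
MALICIOUS_HEADER = "bogus'\n[INFO] admin login succeeded from 10.0.0.1 '"

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable:"
  puts vulnerable_log_line(MALICIOUS_HEADER)   # two lines reach the log
  puts "hardened:"
  puts safe_log_line(MALICIOUS_HEADER)         # one line, \n shown literally
end
```

The detection side is the same regex run over the raw header: a SIEM rule that flags any `X-Sendfile-Type` (or any header you log) containing bytes below 0x20 catches the attempt regardless of which message text the application emits.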
CNNVD
added 2024/05/27 12:00 a.m., 0 views

Contributed Rack Middleware and Utilities security vulnerability

Contributed Rack Middleware and Utilities is a collection of various add-ons for Rack, a Ruby web server interface. A security vulnerability exists in Contributed Rack Middleware and Utilities versions prior to 2.5.0, which stems from unrestricted user-controlled data that is susceptible to...

CVSS 8.6, AI score 8.3, EPSS 0.00131
Exploits 0, References 3
SUSE CVE
added 2023/02/15 5:34 a.m., 1 views

SUSE CVE-2013-6417

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...

CVSS 6.4, AI score 6.9, EPSS 0.00512
Exploits 0, References 9
CNNVD
added 2022/08/18 12:00 a.m., 1 views

OmniAuth security vulnerability

OmniAuth is an authentication system implemented using Rack middleware. A security vulnerability exists in OmniAuth versions prior to 2.0, which stems from lib/omniauth/failure_endpoint.rb not escaping the message_key value...

CVSS 9.8, AI score 8.2, EPSS 0.00617
Exploits 0, References 3
RedHat Linux
added 2022/07/05 2:41 p.m., 1 views

rubygem-actionpack: information leak between requests

A flaw was found in the Rack middleware package of RubyGems, where response bodies will not close under certain circumstances. This flaw allows an attacker to iterate requests to force ActionDispatch::Executor to not close, allowing subsequent requests to leak data from...

CVSS 7.4, AI score 6.6, EPSS 0.00187
Exploits 0, References 5
RedhatCVE
added 2022/03/11 11:57 a.m., 60 views

CVE-2022-23633

A flaw was found in the Rack middleware package of RubyGems, where response bodies will not close under certain circumstances. This flaw allows an attacker to iterate requests to force ActionDispatch::Executor to not close, allowing subsequent requests to leak data from...

CVSS 7.4, AI score 3, EPSS 0.00187
Exploits 0, References 4
Github Security Blog
added 2022/02/11 8:49 p.m., 30 views

Exposure of information in Action Pack

Impact Under certain circumstances response bodies will not be closed, for example a bug in a webserver or a bug in a Rack middleware. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to data...

CVSS 7.4, AI score 0.9, EPSS 0.00187
Exploits 0, References 12, Affected software 1
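
The three CVE-2022-23633 entries above (RedHat Linux, RedhatCVE and the GitHub Security Blog) describe a failure mode rather than an input bug: per-request state lives in thread locals, and the only hook that clears it fires when the response body is closed, so a body that is never closed carries one client's state into the next request on that thread. The Ruby below is an added illustration written for this page, not Rails' or Rack's code; `BodyProxy`, `RequestState` and the two executor classes are hypothetical stand-ins for Rack::BodyProxy, thread-local request state and ActionDispatch::Executor, and the "server" that forgets to call `close` is constructed to reproduce the bug described in the advisories. The hardened variant shows the defensive shape of the fix (clear stale state at request start as well as on close); it does not claim to be the exact Rails patch.

```ruby
# Added example (not Rails/Rack code): how an unclosed response body leaks
# thread-local request state, and how resetting at both ends contains it.

# Stand-in for Rack::BodyProxy: yields the body, runs a block on close.
class BodyProxy
  def initialize(body, &on_close)
    @body = body
    @on_close = on_close
  end

  def each(&blk)
    @body.each(&blk)
  end

  def close
    @on_close.call
  end
end

# Per-request state that must never survive into the next request.
module RequestState
  def self.user=(name)
    Thread.current[:request_user] = name
  end

  def self.user
    Thread.current[:request_user]
  end

  def self.reset!
    Thread.current[:request_user] = nil
  end
end

# Vulnerable pattern: state is reset only when the body is closed.
class ExecutorResetOnCloseOnly
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    [status, headers, BodyProxy.new(body) { RequestState.reset! }]
  end
end

# Hardened pattern: also clear anything left over before the app runs, so a
# body the server forgot to close cannot leak into the next request.
class ExecutorResetBothEnds
  def initialize(app)
    @app = app
  end

  def call(env)
    RequestState.reset!
    status, headers, body = @app.call(env)
    [status, headers, BodyProxy.new(body) { RequestState.reset! }]
  end
end

# Toy app: an authenticated request records the user; every request renders
# whoever the thread currently believes is logged in.
APP = lambda do |env|
  RequestState.user = env["user"] if env["user"]
  ["200", {}, ["hello #{RequestState.user.inspect}"]]
end

# Constructed buggy server: streams the body but never calls body.close,
# which is the "certain circumstances" the advisories describe.
def run_without_close(middleware, env)
  _status, _headers, body = middleware.call(env)
  out = +""
  body.each { |chunk| out << chunk }
  out # body.close deliberately omitted
end

# Two sequential requests on one thread: alice authenticates, then an
# anonymous client asks. Returns what the anonymous client is shown.
def leak_demo(middleware_class)
  RequestState.reset!
  middleware = middleware_class.new(APP)
  run_without_close(middleware, { "user" => "alice" })
  run_without_close(middleware, {})
end

if __FILE__ == $PROGRAM_NAME
  puts "reset on close only: #{leak_demo(ExecutorResetOnCloseOnly)}"  # alice leaks
  puts "reset at both ends:  #{leak_demo(ExecutorResetBothEnds)}"     # nil
end
```

The same reasoning applies to any middleware that relies solely on `close` for cleanup (database connection checkin, current-tenant, locale): a server or middleware bug that drops the body turns the cleanup hook into an attacker-triggerable skip, so the next request's entry point is the safer place to enforce a clean slate.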
Prion
added 2021/09/07 6:15 p.m., 9 views

Cross site request forgery (csrf)

better_errors is an open source replacement for the standard Rails error page with more information rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. better_errors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not...

CVSS 6.8, AI score 8.5, EPSS 0.00212
Exploits 0, References 4, Affected software 1
Cvelist
added 2021/09/07 5:30 p.m., 10 views

CVE-2021-39197 Cross-Site Request Forgery in better_errors

better_errors is an open source replacement for the standard Rails error page with more information rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. better_errors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not...

CVSS 6.3, AI score 8.8, EPSS 0.00212
Exploits 0, References 4
CVE
added 2021/09/07 5:30 p.m., 59 views

CVE-2021-39197

CVE-2021-39197 affects the Ruby gem better_errors. It describes that versions prior to 2.8.0 did not implement CSRF protection for internal requests and did not enforce the correct Content-Type header, allowing cross-origin (CORS) attacks in applications with better_errors enabled. The issue is l...

CVSS 8.8, AI score 7.3, EPSS 0.00212
Exploits 0, References 4, Affected software 1
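
The three CVE-2021-39197 entries above name two missing controls on an internal endpoint: no CSRF token, and no enforcement of the request Content-Type. The two reinforce each other: a cross-site HTML form can only submit the three "simple" content types without a CORS preflight, so requiring `application/json` alone already blocks a form-driven request, and a per-session token rejects anything that is not issued by the page itself. The Ruby below is an added illustration for this page, not better_errors' code; the function names, the JSON body shape and the sample requests are constructed assumptions.

```ruby
# Added example (not better_errors code): two checks for an internal
# debugging endpoint so a page on another origin cannot drive it.
require "json"
require "securerandom"

# Content types a cross-site <form> (or a CORS "simple request") may send
# without a preflight. Anything else makes the browser ask the server first.
FORM_CONTENT_TYPES = %w[
  application/x-www-form-urlencoded
  multipart/form-data
  text/plain
].freeze

# Requiring JSON means a plain cross-site form post can never be accepted;
# parameters after ';' (charset) are ignored when comparing the media type.
def json_content_type?(headers)
  media_type = headers["Content-Type"].to_s.split(";").first.to_s.strip.downcase
  media_type == "application/json"
end

# Constant-time comparison so an attacker cannot learn the token by timing.
def valid_csrf_token?(presented, expected)
  return false unless presented.is_a?(String) && expected.is_a?(String)
  return false unless presented.bytesize == expected.bytesize
  diff = 0
  presented.bytes.zip(expected.bytes) { |a, b| diff |= a ^ b }
  diff.zero?
end

# Gate for an internal request: :ok on success, otherwise a symbol naming
# the first failed check so the caller can log the rejection reason.
def authorize_internal_request(headers:, raw_body:, session_token:)
  return :wrong_content_type unless json_content_type?(headers)
  params = JSON.parse(raw_body)
  return :bad_csrf_token unless valid_csrf_token?(params["csrf_token"], session_token)
  :ok
rescue JSON::ParserError
  :malformed_body
end

# Constructed per-session token the page would embed for its own fetch() calls.
SESSION_TOKEN = SecureRandom.hex(16)

# Constructed headers: what a cross-site <form method="post"> can send ...
CROSS_SITE_FORM = { "Content-Type" => "application/x-www-form-urlencoded" }.freeze
# ... versus a same-origin fetch() from the debugging page itself.
SAME_ORIGIN_JSON = { "Content-Type" => "application/json; charset=utf-8" }.freeze

if __FILE__ == $PROGRAM_NAME
  p authorize_internal_request(headers: CROSS_SITE_FORM, raw_body: "cmd=1",
                               session_token: SESSION_TOKEN)
  p authorize_internal_request(headers: SAME_ORIGIN_JSON,
                               raw_body: JSON.generate("csrf_token" => "guess"),
                               session_token: SESSION_TOKEN)
  p authorize_internal_request(headers: SAME_ORIGIN_JSON,
                               raw_body: JSON.generate("csrf_token" => SESSION_TOKEN),
                               session_token: SESSION_TOKEN)
end
```

The Content-Type check is a defence in depth, not a replacement for the token: a misconfigured permissive CORS policy or a non-browser client can still send `application/json`, which is exactly the case the token covers.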