Lucene search
+L

45 matches found

RedHat Linux
RedHat Linux
added 2025/11/04 11:37 p.m.3 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/04 8:2 p.m.9 views

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as havin...

7.5CVSS6.8AI score0.00868EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/11/04 7:51 p.m.4 views

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

7.5CVSS6.8AI score0.00868EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/11/04 11:19 a.m.8 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/11/04 12:0 a.m.5 views

RHEL 8 : pcs (RHSA-2025:19719)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19719 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Rack...

7.5CVSS7.3AI score0.00868EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2025/11/04 12:0 a.m.5 views

RHEL 8 : pcs (RHSA-2025:19647)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19647 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Rack...

7.5CVSS7.3AI score0.00868EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2025/11/04 12:0 a.m.5 views

RHEL 10 : pcs (RHSA-2025:19513)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19513 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Rack...

7.5CVSS7.3AI score0.00868EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2025/11/03 8:27 p.m.4 views

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

7.5CVSS6.8AI score0.00868EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.3 views

Rack 资源管理错误漏洞

Rack is a modular Ruby web server interface open-sourced by Rack. A resource management error vulnerability exists in Rack versions prior to 2.2.20, 3.1.18, and 3.2.3, which stems from Rack::Request POST not limiting the size of the request body when processing the application/x-www-form-urlencod...

7.5CVSS6.6AI score0.00605EPSS
Exploits0References4
OSV
OSV
added 2024/07/03 5:3 p.m.23 views

GHSA-CJ83-2WW7-MVQ7 Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted Accept-Encoding or Accept-Language headers, causing the server to spend...

6.5CVSS6.4AI score0.00856EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2024/07/02 4:15 p.m.43 views

CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

6.5CVSS5.9AI score0.00856EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/07/02 3:57 p.m.21 views

CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

6.5CVSS5.4AI score0.00856EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:24 a.m.5 views

SUSE CVE-2018-16471

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...

6.1CVSS6.4AI score0.01816EPSS
Exploits0References12
RubySec
RubySec
added 2022/06/27 12:0 a.m.69 views

Denial of Service Vulnerability in Rack Multipart Parsing

There is a possible denial of service vulnerability in the multipart parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-30122. Versions Affected: = 1.2 Not affected: 1.2 Fixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1 Impact Carefully crafted multipart POST...

7.5CVSS4.2AI score0.02056EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.50 views

Fedora 29 : 1:rubygem-rack (2018-e8ff8b7f8e)

Buffer size in multipart parser allows for denial of service CVE-2018-16470. - Cross-site scripting XSS via scheme method on Rack::Request CVE-2018-16471. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...

7.5CVSS6.4AI score0.02033EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2018/11/15 3:59 p.m.26 views

Rack vulnerable to Cross-site Scripting

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...

6.1CVSS6AI score0.01816EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2018/11/13 11:29 p.m.1 views

DEBIAN-CVE-2018-16471

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...

6.1CVSS6AI score0.01816EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/11/13 11:0 p.m.36 views

CVE-2018-16471

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...

6.1AI score0.01816EPSS
Exploits0References5
CVE
CVE
added 2018/11/13 11:0 p.m.228 views

CVE-2018-16471

CVE-2018-16471 (Rack XSS) Affected: Rack up to versions before 2.0.6 and 1.6.11. Issue: crafted requests can affect Rack::Request.scheme return value, enabling cross-site scripting if the value is not escaped by the app. Impact: potential XSS in apps that rely on Rack::Request.scheme without esca...

6.1CVSS5.7AI score0.01816EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2018/11/13 11:0 p.m.55 views

CVE-2018-16471

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...

6.1CVSS6.3AI score0.01816EPSS
Exploits0
Rows per page
Query Builder