7 matches found

Tenable Nessus
added 2025/08/20 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-46336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, a...

CVSS 4.2 · AI score 5.1 · EPSS 0.00115
Exploits 0 · References 3

Tenable Nessus
added 2025/08/20 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-32441

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a...

CVSS 4.2 · AI score 6.1 · EPSS 0.00096
Exploits 0 · References 2

SUSE Linux
added 2025/06/03 9:17 a.m. · 0 views

Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: CVE-2025-46727: possible memory exhaustion due to unbounded parameter parsing in Rack::QueryParser (bsc#1242894). CVE-2025-32441: deleted sessions can be restored and occupied by unauthenticated users when the Rack::Session::Pool middleware is...

CVSS 8.7 · AI score 7.6 · EPSS 0.00808
Exploits 0 · References 8

SUSE CVE
added 2025/05/10 2:52 a.m. · 0 views

SUSE CVE-2025-46336

Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a lo...

CVSS 4.2 · AI score 6.8 · EPSS 0.00115
Exploits 0 · References 3

OSV
added 2025/05/08 8:15 p.m. · 1 views

DEBIAN-CVE-2025-46336

Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a lo...

CVSS 4.2 · AI score 4.8 · EPSS 0.00115
Exploits 0 · References 1

Snyk
added 2025/05/07 11:43 p.m. · 2 views

Race Condition

Overview: rack-session is a session implementation for Rack. Affected versions of this package are vulnerable to Race Condition in Rack::Session::Pool middleware, which allows an attacker to restore and use a deleted session. The attacker must be in possession of a valid session cookie and the...

CVSS 4.2 · AI score 6.8 · EPSS 0.00115
Exploits 0 · References 2

Positive Technologies
added 2025/05/07 12:0 a.m. · 3 views

PT-2025-20314 · Rack +5

Name of the Vulnerable Software and Affected Versions: Rack versions prior to 2.2.14. Description: The issue affects Rack, a modular Ruby web server interface, when using the Rack::Session::Pool middleware. Simultaneous rack requests can restore a deleted rack session, allowing an unauthenticated...

CVSS 7.5 · AI score 5 · EPSS 0.00808
Exploits 0 · References 59