DLA-4090-1 ruby-rack - security update
Bulletin has no description...
CVE-2023-27539
There is a denial of service vulnerability in the header parsing component of Rack...
DSA-5698-1 ruby-rack - security update
Bulletin has no description...
MGASA-2022-0252 Updated ruby-rack packages fix security vulnerability
Crafted multipart POST request may cause a DoS (CVE-2022-30122). Crafted requests can cause shell escape sequences (CVE-2022-30123)...
DLA-2216-1 ruby-rack - security update
Bulletin has no description...
Rack Vulnerable to Path Traversal
rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...
CVE-2012-6109
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header...
CVE-2012-6109 rubygem-rack: parsing Content-Disposition header DoS
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header...