13 matches found
Rack has a Directory Traversal via Rack::Directory
Summary: Rack::Directory's path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the resolved target path merely starts with the root string (for example, a sibling directory whose name begins with the root's name), allowing directory listing outside the intended root. Details: In directory.rb,...
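To make the prefix-match flaw concrete, here is an added illustration in Ruby. It is not Rack's code and does not reproduce directory.rb; it contrasts a naive containment check (bare string prefix) with a separator-aware one on an assumed document root of /srv/www/root, using a sibling directory /srv/www/rootexample as the escape target.

```ruby
# Added example (not Rack's own code): a naive string-prefix containment
# check versus a separator-aware one for a static-file / directory root.

ROOT = "/srv/www/root" # assumed document root for this example

# Resolve the requested PATH_INFO the way a simple file server might:
# join it under the root and let File.expand_path normalise "..".
def resolve(root, path_info)
  File.expand_path(File.join(root, path_info))
end

# Vulnerable check: bare string prefix match. "/srv/www/rootexample/..."
# starts with "/srv/www/root", so a sibling directory passes as "inside".
def contained_naive?(root, path_info)
  resolve(root, path_info).start_with?(root)
end

# Hardened check: the resolved path must be the root itself, or the root
# followed by a path separator. Sibling directories that share a name
# prefix no longer pass.
def contained_strict?(root, path_info)
  full = resolve(root, path_info)
  root = root.chomp(File::SEPARATOR)
  full == root || full.start_with?(root + File::SEPARATOR)
end

if __FILE__ == $0
  # Constructed requests: one legitimate, one prefix-sibling escape,
  # one classic traversal that the naive check already rejects.
  ["/index.html", "/../rootexample/secret.txt", "/../../etc/passwd"].each do |req|
    puts format("%-30s resolves to %-32s naive=%-5s strict=%s",
                req, resolve(ROOT, req),
                contained_naive?(ROOT, req), contained_strict?(ROOT, req))
  end
end
```

The middle request resolves to /srv/www/rootexample/secret.txt, which the naive check accepts and the strict check rejects; the last request resolves to /srv/etc/passwd and fails both, which is why a prefix check can look correct under ordinary traversal tests.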
SUSE-SU-2025:4273-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: - Update to version 2.2.20 (bsc#1251936) - CVE-2025-61919: Fixed application/x-www-form-urlencoded parsing calling rack.input.read(nil) without enforcing a length or cap (bsc#1251936) - CVE-2025-61780: Fixed improper handling of headers in Rack::Sendfile...
pcs security update
0.11.10-1.el9_7.1 - Fixed CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772, CVE-2025-61919 by updating bundled rubygem rack Resolves: RHEL-120945, RHEL-121035, RHEL-123630, RHEL-123642, RHEL-124938 0.11.10-1 - Rebased pcs to the latest sources, see CHANGELOG.md Resolves: RHEL-77194,...
Fedora 41 : rubygem-rack (2025-a35addbf9b)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a35addbf9b advisory. Update to Rack 2.2.21 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Ubuntu: Security Advisory (USN-7366-2)
The remote host is missing an update for the ... (Greenbone AG, 2025; excerpted description text remains the copyright of the respective right holders)
pcs security update
0.10.18-2.0.1.el8_10.5 - Replace HAM-logo.png with a generic one 0.10.18-2.el8_10.5 - Fixed CVE-2024-52804 by patching bundled Tornado Resolves: RHEL-93167 - Fixed CVE-2025-46727 by updating bundled rubygem rack Resolves: RHEL-90147...
[SECURITY] [DLA 4090-1] ruby-rack security update
Debian LTS Advisory DLA-4090-1 | https://www.debian.org/lts/security/ | Adrian Bunk | March 24, 2025 | https://wiki.debian.org/LTS ...
openSUSE Security Advisory (SUSE-SU-2025:0874-1)
The remote host is missing an update for the ... (Greenbone AG, 2025; excerpted description text remains the copyright of the respective right holders)
Security update for rubygem-rack-1_6
This update for rubygem-rack-1_6 fixes the following issues: CVE-2025-27610: Fixed improper sanitization of user-supplied paths when serving files, leading to local file inclusion (bsc#1239298). CVE-2025-25184: Fixed Rack::CommonLogger log entry manipulation (bsc#1237141). Patch Instructions: To install...
SUSE-SU-2024:0946-1 Security update for rubygem-rack-1_4
This update for rubygem-rack-1_4 fixes the following issues: - CVE-2024-25126: Fixed a Denial of Service vulnerability in Rack Content-Type parsing (bsc#1220239) - CVE-2024-26141: Fixed a Denial of Service vulnerability in Range request header parsing (bsc#1220242) - CVE-2024-26146: Fixed a Denial of...
SUSE-SU-2020:2678-1 Security update for rubygem-rack
This update for rubygem-rack to version 1.6.13 fixes the following issues: - CVE-2020-8184: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1173351). - CVE-2020-8161: Fixed a directory traversal (bsc#1172037). - CVE-2019-16782: Fixed an...
SUSE-SU-2020:0359-1 Security update for rubygem-rack
This update for rubygem-rack to version 2.0.8 fixes the following issues: - CVE-2018-16471: Fixed a cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1116600). - CVE-2019-16782: Fixed a possible information leak and session hijack vulnerability (bsc#1159548)...
DLA-1585-1 ruby-rack - security update
Bulletin has no description...