15 matches found

OSV
added 2026/03/04 12:00 a.m., 2 views

OPENSUSE-SU-2026:10286-1 ruby4.0-rubygem-rack-2.2-2.2.22-1.1 on GA media

These are all security issues fixed in the ruby4.0-rubygem-rack-2.2-2.2.22-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 10 | AI score 6.9 | EPSS 0.35376
Exploits 6 | References 27
Tenable Nessus
added 2026/02/10 12:00 a.m., 5 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005322)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005322 advisory. Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, Rack::Request#POST reads the entire request body into memory for Content-Typ...

CVSS 7.5 | AI score 5.6 | EPSS 0.00591
Exploits 0 | References 4
Tenable Nessus
added 2025/12/03 12:00 a.m., 3 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-rack (SUSE-SU-2025:4273-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4273-1 advisory. - Update to version 2.2.20 (bsc#1251936) - CVE-2025-61919: Fixed application/x-www-form-urlencoded, calling rack.input.read(nil) witho...

CVSS 7.5 | AI score 7 | EPSS 0.00591
Exploits 0 | References 7
Tenable Nessus
added 2025/11/12 12:00 a.m., 4 views

Fedora 43 : rubygem-rack (2025-b6e0f437b6)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b6e0f437b6 advisory. Update to Rack 3.1.19 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVSS 7.5 | AI score 7.2 | EPSS 0.00848
Exploits 0 | References 6
OSV
added 2025/10/09 12:00 a.m., 7 views

OPENSUSE-SU-2025:15621-1 ruby3.4-rubygem-rack-2.2-2.2.19-1.1 on GA media

These are all security issues fixed in the ruby3.4-rubygem-rack-2.2-2.2.19-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 6.9 | EPSS 0.00848
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-0537

Malware in sbrugna...

CVSS 8.6 | AI score 7.2 | EPSS 0.03593
Exploits 0 | References 16
OSV
added 2025/09/29 12:00 a.m., 3 views

OPENSUSE-SU-2025:15587-1 ruby3.4-rubygem-rack-2.2-2.2.18-1.1 on GA media

These are all security issues fixed in the ruby3.4-rubygem-rack-2.2-2.2.18-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 5.8 | EPSS 0.00535
Exploits 0 | References 1
Tenable Nessus
added 2025/08/20 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-32441

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a...

CVSS 4.2 | AI score 6.1 | EPSS 0.00193
Exploits 0 | References 2
Snyk
added 2025/06/04 11:40 p.m., 4 views

Allocation of Resources Without Limits or Throttling

Overview: rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a singl...

CVSS 8.7 | AI score 6.9 | EPSS 0.00483
Exploits 0 | References 2
OSV
added 2025/03/27 6:01 p.m., 6 views

GHSA-PFQJ-W6R6-G86V Pitchfork HTTP Request/Response Splitting vulnerability

Impact: HTTP Response Header Injection in Pitchfork versions < 0.11.0 when used in conjunction with Rack 3. Patches: The issue was fixed in Pitchfork release 0.11.0. Workarounds: There are no known workarounds. Users must upgrade...

CVSS 4.3 | AI score 7.4 | EPSS 0.0025
Exploits 0 | References 5
Github Security Blog
added 2025/03/10 10:19 p.m., 14 views

Local File Inclusion in Rack::Static

Summary: Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. Details: The vulnerability occurs because Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically,...

CVSS 7.5 | AI score 7.2 | EPSS 0.01068
Exploits 0 | References 6 | Affected Software 1
OSV
added 2024/02/29 12:15 a.m., 4 views

DEBIAN-CVE-2024-26146

Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ru...

CVSS 7.5 | AI score 6 | EPSS 0.01996
Exploits 0 | References 1
ATTACKERKB
added 2023/02/09 8:15 p.m., 2 views

CVE-2022-44570

A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...

CVSS 7.5 | AI score 6.5 | EPSS 0.01626
Exploits 0 | References 4
Positive Technologies
added 2013/02/08 12:00 a.m., 3 views

PT-2013-2198

Name of the Vulnerable Software and Affected Versions: Rack versions 1.1.x before 1.1.6; Rack versions 1.2.x before 1.2.8; Rack versions 1.3.x before 1.3.10; Rack versions 1.4.x before 1.4.5; Rack versions 1.5.x before 1.5.2. Description: The issue allows remote attackers to guess the session cookie, ga...

CVSS 10 | AI score 7.3 | EPSS 0.35376
Exploits 4 | References 63
Cvelist
added 2011/12/30 1:00 a.m., 26 views

CVE-2011-5036

Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters...

AI score 6.2 | EPSS 0.04016
Exploits 1 | References 6