219 matches found
Astra Linux - уязвимость в ruby-rack
There is a DoS vulnerability in Rack versions v3.0.4.2, v2.2.6.3, v2.1.4.3, and v2.0.9.3, particularly in the Multipart MIME parsing code. This vulnerability could allow an attacker to craft requests that can be abused to cause the multipart parsing to take longer than expected...
Astra Linux - уязвимость в ruby-rack
There is a directory traversal vulnerability in Rack versions prior to 2.2.0. This vulnerability allows attackers to exploit the directory traversal vulnerability in the Rack::Directory module, which is included with Rack. This could lead to the disclosure of sensitive information...
Astra Linux - уязвимость в ruby-rack
A denial-of-service vulnerability exists in the Range header parsing component of Rack, version 1.5.0 and later. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpectedly long time, potentially leading to a denial-of-service attack. Any applications th...
ROS-20260513-73-0008
Vulnerability in rubygem-rack related to a flaw in http request handling. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...
Unity Linux 20.1070e Security Update: rubygem-rack (UTSA-2026-017803)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017803 advisory. A reliance on cookies without validation/integrity check security vulnerability exists in rack 2.2.3, rack 2.1.4 that makes it is possible for an attacker to forge a...
Unity Linux 20.1070e Security Update: rubygem-rack (UTSA-2026-017388)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017388 advisory. A possible denial of service vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 in the multipart parsing component of Rack. Tenable has extracted the precedin...
Unity Linux 20.1070e Security Update: rubygem-rack (UTSA-2026-017387)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017387 advisory. A sequence injection vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components o...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: rubygem-rack (UTSA-2026-016518)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016518 advisory. Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such...
RHCOS 6 : Red Hat OpenShift Enterprise 1.1.2 update (Moderate) (RHSA-2013:0638)
The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0638 advisory. - rubygem-rack: Path sanitization information disclosure CVE-2013-0262 - rubygem-rack: Timing attack in cookie sessions CVE-2013-026...
Astra Linux – Vulnerability in Ruby-Rack
A sequence injection vulnerability exists in Rack versions 2.0.9.1, 2.1.4.1, and 2.2.3.1. This vulnerability could allow for shell escapes in the Lint and CommonLogger components of Rack...
Astra Linux – Vulnerability in Ruby-Rack
There is a possible denial-of-service vulnerability in Rack versions 2.0.9.1, 2.1.4.1, and 2.2.3.1, specifically in the multipart parsing component of Rack...
Astra Linux – Vulnerability in Ruby-Rack
Rack is a modular Ruby web server interface. Carefully crafted headers may cause header parsing in Rack to take longer than expected, potentially leading to a denial-of-service issue. The Accept and Forwarded headers are affected. Ruby 3.2 includes fixes for this problem, so Rack applications tha...
Linux Distros Unpatched Vulnerability : CVE-2026-26962
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers...
Linux Distros Unpatched Vulnerability : CVE-2026-34827
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Multipart::Parserhandlemimehead parses...
Linux Distros Unpatched Vulnerability : CVE-2026-34785
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static...
Linux Distros Unpatched Vulnerability : CVE-2026-34230
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with...
Linux Distros Unpatched Vulnerability : CVE-2026-34826
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.getbyteranges parses the HTTP Range header without limitin...
Linux Distros Unpatched Vulnerability : CVE-2026-34786
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types agains...
Linux Distros Unpatched Vulnerability : CVE-2026-34830
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mappi...
Linux Distros Unpatched Vulnerability : CVE-2026-34829
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO whe...