Lucene search
K

2253 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.5 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Rack vulnerabilities (USN-8182-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8182-1 advisory. Andrew Lacambra discovered that Rack did not properly parse certain regular...

7.5CVSS6AI score0.00475EPSS
Exploits2References14
Redos
Redos
added 2026/04/17 12:0 a.m.5 views

ROS-20260417-73-0027

Vulnerability in rubygem-rack related to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

5.4CVSS6.8AI score0.00224EPSS
Exploits1
Redos
Redos
added 2026/04/17 12:0 a.m.8 views

ROS-20260417-73-0028

Vulnerability in rubygem-rack related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

7.5CVSS6.7AI score0.00665EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 10:21 p.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Console

Summary Multiple vulnerabilities were addressed in IBM Aspera Console version 3.4.10 Vulnerability Details CVEID:CVE-2026-26961 DESCRIPTION: Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from...

7.5CVSS5.8AI score0.0043EPSS
Exploits0Affected Software5
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.79 views

Ruby Rack < 2.2.23 / 3.0.x < 3.1.21 / 3.2 < 3.2.6 Multiple Vulnerabilities

The version of the Rack Ruby library installed on the remote host is prior to 2.2.23, prior to 3.1.21, or prior to 3.2.6. It is, therefore, affected by multiple vulnerabilities: - Rack::Utils.getbyteranges parses HTTP Range header without limiting the number of individual byte ranges, leading to...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.5 views

Ruby Rack 3.2.x < 3.2.6 Header Injection Vulnerability

The version of the Rack Ruby library installed on the remote host is 3.2.0 or later but prior to 3.2.6. It is, therefore, affected by a header injection vulnerability: - Rack::Multipart::Parser unfolds folded multipart part headers incorrectly, preserving embedded CRLF in parsed parameter values...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/09 11:25 p.m.40 views

SUSE CVE-2026-39324

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...

9.3CVSS5.8AI score0.0027EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/08 10:35 a.m.6 views

CVE-2026-39324

A flaw was found in Rack::Session. When configured with secrets, the Rack::Session::Cookie component incorrectly handles decryption failures. This allows an unauthenticated attacker to provide a specially crafted session cookie that is accepted as valid, even without knowledge of the configured...

9.8CVSS5.9AI score0.0027EPSS
Exploits1References2
OSV
OSV
added 2026/04/08 12:15 a.m.6 views

GHSA-33QG-7WPP-89CQ Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization

Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie. This allows an unauthenticated attacker to supply a crafted session cookie that is accepted ...

9.1CVSS5.8AI score0.0027EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/08 12:15 a.m.7 views

Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization

Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie. This allows an unauthenticated attacker to supply a crafted session cookie that is accepted ...

9.8CVSS5.9AI score0.0027EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/04/08 12:15 a.m.5 views

Not Failing Securely ('Failing Open')

Overview rack-session is a session implementation for Rack. Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' in the Rack::Session::Cookie function when it is configured with the secrets: option. An attacker can gain unauthorized access or escalate privileges...

9.8CVSS5.8AI score0.0027EPSS
Exploits1References2
OSV
OSV
added 2026/04/08 12:0 a.m.3 views

OPENSUSE-SU-2026:10508-1 ruby4.0-rubygem-rack-2.2-2.2.23-1.1 on GA media

These are all security issues fixed in the ruby4.0-rubygem-rack-2.2-2.2.23-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References9
RubySec
RubySec
added 2026/04/08 12:0 a.m.9 views

Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization

'Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie. This allows an unauthenticated attacker to supply a crafted session cookie that is accepted...

9.8CVSS5.8AI score0.0027EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/04/07 6:16 p.m.5 views

CVE-2026-39324

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...

9.8CVSS0.0027EPSS
Exploits1References1
OSV
OSV
added 2026/04/07 6:16 p.m.7 views

DEBIAN-CVE-2026-39324

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...

9.8CVSS5.4AI score0.0027EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/04/07 6:16 p.m.13 views

CVE-2026-39324

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...

9.8CVSS5.9AI score0.0027EPSS
Exploits1References4
OSV
OSV
added 2026/04/07 6:16 p.m.11 views

UBUNTU-CVE-2026-39324

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...

9.8CVSS5.8AI score0.0027EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/07 6:13 p.m.20 views

CVE-2026-39324 Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...

9.3CVSS0.0027EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/07 6:13 p.m.4 views

CVE-2026-39324 Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...

9.3CVSS5.9AI score0.0027EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 6:13 p.m.3 views

CVE-2026-39324

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...

9.3CVSS5.9AI score0.0027EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder