94 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux – Vulnerability in Ruby-Rack

There is a denial-of-service vulnerability in the Content-Disposition parsing component of Rack, which was fixed in versions 2.0.9.2, 2.1.4.2, 2.2.4.1, and 3.0.0.1. This vulnerability could allow an attacker to create an input that causes the Content-Disposition header parsing in Rack to take an...

CVSS 7.5 | AI score 6.6 | EPSS 0.01503
Exploits: 0 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux – Vulnerability in Ruby-Rack

A denial-of-service vulnerability in the multipart parsing component of Rack was fixed in versions 2.0.9.2, 2.1.4.2, 2.2.4.1, and 3.0.0.1. This vulnerability could allow attackers to craft input that causes the RFC2183 multipart boundary parsing in Rack to take an unexpectedly long time,...

CVSS 7.5 | AI score 6.4 | EPSS 0.01617
Exploits: 0 | References: 2
Tenable Nessus
added 2026/02/10 12:00 a.m. | 3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005315)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005315 advisory. Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such...

CVSS 7.5 | AI score 5.6 | EPSS 0.01612
Exploits: 1 | References: 4
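The Range-header issue in the entry above is a response-amplification class: a client asks for many, overlapping or unordered byte ranges and the server emits far more than the resource is long. As an added illustration (this is not Rack's code and not the fix shipped in the advisory), the Ruby function below evaluates a Range header against a resource size and refuses sets that are too numerous, overlapping or out of ascending order, which RFC 9110 explicitly allows a server to do. The cap of 8 ranges and the return-value conventions are assumptions chosen for the example.

```ruby
# Upper bound on byte ranges honoured in one request (assumed policy value).
MAX_RANGES_PER_REQUEST = 8

# Evaluate a Range request header against a resource of `size` bytes.
# Returns:
#   Array of [first, last] inclusive pairs  - serve as 206 Partial Content
#   :ignore                                  - header malformed, serve the whole resource (200)
#   :unsatisfiable                           - no range fits the resource (416)
#   :reject                                  - abusive shape (too many, overlapping, out of order)
def evaluate_byte_ranges(header, size, max_ranges: MAX_RANGES_PER_REQUEST)
  return :ignore unless header.is_a?(String) && header.match?(/\Abytes=/i)
  specs = header.sub(/\Abytes=/i, "").split(",", -1).map(&:strip)
  return :ignore if specs.empty? || specs.any?(&:empty?)
  # Cap the count before doing any per-range work.
  return :reject if specs.length > max_ranges

  ranges = []
  specs.each do |spec|
    m = spec.match(/\A(\d*)-(\d*)\z/)
    return :ignore if m.nil? || (m[1].empty? && m[2].empty?)
    if m[1].empty?
      # Suffix range "-n": the final n bytes. "-0" is unsatisfiable on its own, skip it.
      n = Integer(m[2], 10)
      next if n.zero?
      ranges << [[size - n, 0].max, size - 1]
    else
      first = Integer(m[1], 10)
      next if first >= size                      # starts past the end: unsatisfiable spec
      last = m[2].empty? ? size - 1 : [Integer(m[2], 10), size - 1].min
      return :ignore if last < first             # "5-2" is an invalid range spec
      ranges << [first, last]
    end
  end
  return :unsatisfiable if ranges.empty?

  # The amplification shapes: ranges listed out of ascending order, or ranges that
  # overlap one another, let a single request pull more bytes than the resource holds.
  return :reject if ranges != ranges.sort
  ranges.each_cons(2) do |(_, prev_last), (next_first, _)|
    return :reject if next_first <= prev_last
  end
  ranges
end
```

A server that gets `:reject` back can either answer 200 with the full body (the RFC's "ignore" option) or 416; what matters is that it never materialises the requested ranges.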
RedhatCVE
added 2026/01/09 8:54 a.m. | 15 views

CVE-2021-41263

railsmultisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using railsmultisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker t...

CVSS 8.8 | AI score 6.7 | EPSS 0.00608
Exploits: 0 | References: 1
Tenable Nessus
added 2025/11/20 12:00 a.m. | 3 views

TencentOS Server 4: pcs (TSSA-2025:0511)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0511 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 8.7 | AI score 6.6 | EPSS 0.01503
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 17 views

EUVD-2019-0532

Malware in sbrugna...

CVSS 10 | AI score 9.2 | EPSS 0.02911
Exploits: 0 | References: 11
EUVD
added 2025/10/07 12:30 a.m. | 18 views

EUVD-2021-2317

Malware in sbrugna...

CVSS 8.8 | AI score 8.5 | EPSS 0.00608
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-0633

Malware in sbrugna...

CVSS 7.5 | AI score 6.2 | EPSS 0.04434
Exploits: 1 | References: 15
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2022-7739

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.0111
Exploits: 1 | References: 7
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2023-1057

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.01034
Exploits: 0 | References: 9
EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2023-0420

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.4 | EPSS 0.01503
Exploits: 0 | References: 9
EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2023-0547

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.4 | EPSS 0.01617
Exploits: 0 | References: 9
RedhatCVE
added 2025/08/30 6:19 p.m. | 3 views

CVE-2025-57821

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash information in a...

CVSS 4.2 | AI score 6.7 | EPSS 0.00224
Exploits: 0 | References: 1
NVD
added 2025/08/29 9:15 p.m. | 3 views

CVE-2025-58067

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...

CVSS 4.2 | EPSS 0.00211
Exploits: 0 | References: 4
Snyk
added 2025/08/27 4:46 p.m. | 3 views

Open Redirect

Overview: google_sign_in is a "Sign in or up with Google" library for Rails applications. Affected versions of this package are vulnerable to Open Redirect via the ensure_same_origin function in the redirect_protector.rb file. An attacker can cause users to be redirected to an attacker-controlled origin by...

CVSS 4.2 | AI score 6.9 | EPSS 0.00224
Exploits: 0 | References: 2
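The three Google Sign-In entries above describe one bug class: a post-login "proceed to" target is checked for being same-origin, and a protocol-relative or otherwise malformed URL slips past the check, so the browser lands on another origin. As an added example (this is not the gem's own redirect_protector.rb and not its fix), here is the weak pattern next to a hardened check in Ruby. The `app.example` host, the function names and the fallback of `/` are assumptions for the illustration.

```ruby
require "uri"

# Weak pattern (constructed for illustration, not the gem's code): anything that
# begins with "/" is treated as a local path. "//evil.example/phish" passes, and a
# browser resolves that protocol-relative URL to https://evil.example/phish.
def naive_same_origin?(location)
  location.to_s.start_with?("/")
end

# Hardened check. Accepts only:
#   * a path-absolute relative reference ("/account", never "//host" or "/\host"), or
#   * an absolute https URL whose host is exactly the expected one.
def safe_redirect_target?(location, allowed_host:)
  return false unless location.is_a?(String) && !location.empty?
  # Protocol-relative forms ("//host", "///host") are never local paths.
  return false if location.start_with?("//")
  # Browsers normalise backslashes and control/space characters in ways
  # URI.parse does not model, so refuse them outright.
  return false if location.match?(/[\x00-\x20\\]/)

  uri = URI.parse(location)
  if uri.scheme.nil? && uri.host.nil?
    # Relative reference: must start with exactly one "/".
    return uri.path.start_with?("/")
  end
  # Absolute URL: scheme and host both have to match; userinfo tricks
  # ("https://app.example@evil.example/") end up with the wrong host here.
  uri.scheme == "https" && uri.host.to_s.downcase == allowed_host.downcase
rescue URI::InvalidURIError
  false
end

# What a controller would call after login: the vetted target, or a safe fallback.
def safe_redirect_location(candidate, allowed_host:, fallback: "/")
  safe_redirect_target?(candidate, allowed_host: allowed_host) ? candidate : fallback
end
```

The point of the `start_with?("//")` line is that `URI.parse` quite correctly reports a host for `//evil.example`, so a check that only looks at the leading character, or only at `uri.scheme`, is the gap the advisories describe.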
Tenable Nessus
added 2025/08/08 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-49007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the...

CVSS 8.7 | AI score 6.4 | EPSS 0.00483
Exploits: 0 | References: 3
SUSE CVE
added 2025/06/06 2:14 a.m. | 3 views

SUSE CVE-2025-49007

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can caus...

CVSS 8.7 | AI score 6.5 | EPSS 0.00483
Exploits: 0 | References: 3
Tenable Nessus
added 2025/06/06 12:00 a.m. | 9 views

Ruby RACK 3.1.x < 3.1.16 DoS

The version of the RACK Ruby library installed on the remote host is 3.1.x prior to 3.1.16. It is, therefore, affected by a DoS vulnerability: crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting...

CVSS 8.7 | AI score 7 | EPSS 0.00483
Exploits: 0 | References: 2
OSV
added 2025/06/05 5:21 a.m. | 8 views

GHSA-47M2-26RW-J2JW ReDoS Vulnerability in Rack::Multipart handle_mime_head

Summary There is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Details Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time,...

CVSS 8.7 | AI score 7.8 | EPSS 0.00483
Exploits: 0 | References: 6
Github Security Blog
added 2025/06/05 5:21 a.m. | 12 views

ReDoS Vulnerability in Rack::Multipart handle_mime_head

Summary There is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Details Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time,...

CVSS 8.7 | AI score 6.7 | EPSS 0.00483
Exploits: 0 | References: 6 | Affected Software: 1