182 matches found
Astra Linux - vulnerability in ruby-rack
A sequence injection vulnerability exists in Rack versions 2.0.9.1, 2.1.4.1, and 2.2.3.1. This vulnerability could allow for shell escapes in the Lint and CommonLogger components of Rack...
Astra Linux - vulnerability in ruby-rack
Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial-of-service vulnerability (ReDoS, degree 2 polynomial). This vulnerability has been fixed in 3.0.9.1 and 2.2.8.1...
Astra Linux - vulnerability in puma
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP requests comply with the RFC7230 standard, Puma and the frontend proxy may disagree about where the requests start and...
Astra Linux - vulnerability in ruby-rack
A security vulnerability exists in versions of Rack 2.2.3 and Rack 2.1.4, where reliance on cookies without validation/integrity checks allows an attacker to forge a secure or host-only cookie prefix...
Astra Linux - vulnerability in ruby-rack
There is a denial-of-service vulnerability in the header parsing component of Rack...
Astra Linux - vulnerability in ruby-rack
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...
Astra Linux - vulnerability in ruby-rack
Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the...
Astra Linux - vulnerability in ruby-rack
There is a DoS vulnerability in Rack versions v3.0.4.2, v2.2.6.3, v2.1.4.3, and v2.0.9.3, particularly in the Multipart MIME parsing code. This vulnerability could allow an attacker to craft requests that can be abused to cause the multipart parsing to take longer than expected...
GHSA-VPFW-47H7-XJ4G vulnerabilities
Vulnerabilities for packages: ruby3.3-rack...
Mageia: Security Advisory (MGASA-2026-0075)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Updated ruby-rack packages fix security vulnerabilities
Rack has a Directory Traversal via Rack:Directory. CVE-2026-22860 Rack's Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href. CVE-2026-25500...
Debian: Security Advisory (DSA-6180-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DSA 6180-1] ruby-rack security update
Debian Security Advisory DSA-6180-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 26, 2026 https://www.debian.org/security/faq...
DSA-6180-1 ruby-rack - security update
Bulletin has no description...
Debian dsa-6180 : ruby-rack - security update
The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6180 advisory. Debian Security Advisory DSA-6180-1 [email protected]...
Debian: Security Advisory (DLA-4505-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
DLA-4505-1 ruby-rack - security update
Bulletin has no description...
[SECURITY] [DLA 4505-1] ruby-rack security update
Debian LTS Advisory DLA-4505-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 23, 2026 https://wiki.debian.org/LTS...
Debian dla-4505 : ruby-rack - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4505 advisory. Debian LTS Advisory DLA-4505-1 [email protected]...
ruby4.0-rubygem-rack-session-2.1.1-1.3 on GA media (moderate)
ruby4.0-rubygem-rack-session-2.1.1-1.3 on GA media Announcement ID: openSUSE-SU-2026:10359-1 Rating: moderate Cross-References: CVE-2025-46336 CVSS scores: CVE-2025-46336 SUSE : 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: openSUSE Tumbleweed An update that solves one...