Rack 安全漏洞

Rack is a modular Ruby web server interface. A security vulnerability exists in Rack. An attacker could exploit this vulnerability to perform a regular expression denial of service attack...

[SECURITY] [DLA 3392-1] ruby-rack security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3392-1 [email protected] https://www.debian.org/lts/security/ Scarlett Moore April 17, 2023 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 3392-1] ruby-rack security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3392-1 [email protected] https://www.debian.org/lts/security/ Scarlett Moore April 17, 2023 https://wiki.debian.org/LTS -...

Debian dla-3392 : ruby-rack - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3392 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3392-1 [email protected]...

DLA-3392-1 ruby-rack - security update

Bulletin has no description...

rubygem-rack: crafted multipart POST request may cause a DoS

A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a denial of service...

Mageia: Security Advisory (MGASA-2023-0106)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated ruby-rack packages fix security vulnerability

A denial of service vulnerability in the Range header parsing component of Rack = 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...

Ubuntu: Security Advisory (USN-5910-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-5896-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian dla-3298 : ruby-rack - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3298 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3298-1 [email protected]...

DLA-3298-1 ruby-rack - security update

Bulletin has no description...

Debian: Security Advisory (DLA-3298-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3298-1] ruby-rack security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-3298-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 31, 2023 https://wiki.debian.org/LTS -...

Ubuntu: Security Advisory (USN-5253-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Regular Expression Denial of Service (ReDoS)

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

rubygem-rack: crafted multipart POST request may cause a DoS

A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a denial of service...

Fedora: Security Advisory for rubygem-puma (FEDORA-2022-7c8b29195f)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Amazon Linux 2022 : rubygem-puma (ALAS2022-2022-051)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-051 advisory. A flaw was found in rubygem-puma. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starv...

Debian dla-3095 : ruby-rack - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3095 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3095-1 [email protected]...