193 matches found
Ubuntu: Security Advisory (USN-4571-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
USN-4571-1 ruby-rack-cors vulnerability
It was discovered that rack-cors did not properly handle relative file paths. An attacker could use this vulnerability to access arbitrary files...
USN-4571-1: rack-cors vulnerability
It was discovered that rack-cors did not properly handle relative file paths. An attacker could use this vulnerability to access arbitrary files...
Debian DLA-2389-1 : ruby-rack-cors security update
This package allowed ../ directory traversal to access private resources because resource matching did not ensure that pathnames were in a canonical format. For Debian 9 stretch, this problem has been fixed in version 0.4.0-1+deb9u2. We recommend that you upgrade your ruby-rack-cors packages. For...
Debian: Security Advisory (DLA-2389-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2389-1] ruby-rack-cors security update
Debian LTS Advisory DLA-2389-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta October 01, 2020 https://wiki.debian.org/LTS...
Ubuntu: Security Advisory (USN-4561-1)
The remote host is missing an update for the...
USN-4561-1 ruby-rack vulnerabilities
It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-8161) It was discovered that Rack incorrectly validated cookies. An attacker could possibly use this issue to forge a secure cookie. (CVE-2020-8184)...
A vulnerability in Puma, an HTTP server for Ruby/Rack applications, arises from incorrect handling of CR and LF characters (\r and \n) before data is inserted into HTTP headers. This allows attackers to perform cross-site scripting attacks.
The vulnerability in Puma, an HTTP server for Ruby/Rack applications, is related to improper removal of CR and LF characters (\r and \n) before data is inserted into HTTP headers. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
A vulnerability in Puma, an HTTP server for Ruby/Rack applications, relates to deficiencies in HTTP request processing, allowing attackers to influence the integrity of information.
The vulnerability in Puma, an HTTP server for Ruby/Rack applications, is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to influence the integrity of information...
MGASA-2020-0306 Updated ruby-rack packages fix security vulnerability
A reliance on cookies without validation/integrity check security vulnerability exists in rack 2.2.3 that makes it possible for an attacker to forge a secure or host-only cookie prefix (CVE-2020-8184)...
Debian: Security Advisory (DLA-2275-1)
The remote host is missing an update for the Debian...
Debian DLA-2275-1 : ruby-rack security update
The following CVEs were reported against src:ruby-rack. CVE-2020-8161: A directory traversal vulnerability exists in rack 2.2.0 that allows an attacker to perform directory traversal in the Rack::Directory app that is bundled with Rack, which could result in information disclosure...
[SECURITY] [DLA 2275-1] ruby-rack security update
Debian LTS Advisory DLA-2275-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta July 10, 2020 https://wiki.debian.org/LTS...
DLA-2275-1 ruby-rack - security update
Bulletin has no description...
MGASA-2020-0252 Updated ruby-rack packages fix security vulnerability
Updated ruby-rack packages fix security vulnerabilities: There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a...
Updated ruby-rack packages fix security vulnerability
Updated ruby-rack packages fix security vulnerabilities: There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a...
rubygem-rack: hijack sessions by using timing attacks targeting the session id
A flaw was found in rubygem-rack in versions prior to 1.6.12 and 2.0.8. An information leak may allow an attacker to find and hijack sessions using timing attacks targeting the session ID. The highest threat from the vulnerability is to data confidentiality...
Debian: Security Advisory (DLA-2216-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2216-1] ruby-rack security update
Package: ruby-rack. Version: 1.5.2-3+deb8u3. CVE ID: CVE-2020-8161. There was a possible directory traversal vulnerability in the Rack::Directory app that is bundled with Rack. If certain directories exist in a directory that is managed by Rack::Directory, an attacker could, using this...