194 matches found
Astra Linux – Vulnerability in Ruby-Rack
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffered the entire multipart preamble bytes before the first boundary in memory, without any size limit. This caused significant memory usage and potential process termination due...
Astra Linux – Vulnerability in Ruby-Rack
Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the...
Astra Linux – Vulnerability in Ruby-Rack
There is a DoS vulnerability in Rack versions v3.0.4.2, v2.2.6.3, v2.1.4.3, and v2.0.9.3, particularly in the Multipart MIME parsing code. This vulnerability could allow an attacker to craft requests that can be abused to cause the multipart parsing to take longer than expected...
Astra Linux – Vulnerability in Ruby-Rack
There is a denial-of-service vulnerability in the header parsing component of Rack...
Astra Linux – Vulnerability in Ruby-Rack
A security vulnerability exists in versions of Rack 2.2.3 and Rack 2.1.4, where reliance on cookies without validation/integrity checks allows an attacker to forge a secure or host-only cookie prefix...
Astra Linux – Vulnerability in Puma
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP requests comply with the RFC7230 standard, Puma and the frontend proxy may disagree about where the requests start and...
The vulnerability of the Ruby-based Rack web server module interface parser allows a attacker to cause a denial-of-service attack.
The vulnerability of the Ruby-based Rack web server module interface parser involves an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Astra Linux – Vulnerability in Ruby-Rack
A sequence injection vulnerability exists in Rack versions 2.0.9.1, 2.1.4.1, and 2.2.3.1. This vulnerability could allow for shell escapes in the Lint and CommonLogger components of Rack...
Astra Linux – Vulnerability in Ruby-Rack
Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial-of-service vulnerability ReDos, degree 2 polynomial. This vulnerability has been fixed in 3.0.9.1 and 2.2.8.1...
GHSA-VPFW-47H7-XJ4G vulnerabilities
Vulnerabilities for packages: ruby4.0-rack, ruby3.2-rack, ruby3.4-rack, ruby3.3-rack...
Mageia: Security Advisory (MGASA-2026-0075)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated ruby-rack packages fix security vulnerabilities
Rack has a Directory Traversal via Rack:Directory. CVE-2026-22860 Rack's Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href. CVE-2026-25500...
Debian: Security Advisory (DSA-6180-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 6180-1] ruby-rack security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6180-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 26, 2026 https://www.debian.org/security/faq -...
Debian dsa-6180 : ruby-rack - security update
The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6180 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6180-1 [email protected]...
DSA-6180-1 ruby-rack - security update
Bulletin has no description...
Debian: Security Advisory (DLA-4505-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DLA-4505-1 ruby-rack - security update
Bulletin has no description...
[SECURITY] [DLA 4505-1] ruby-rack security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-4505-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 23, 2026 https://wiki.debian.org/LTS -...
Debian dla-4505 : ruby-rack - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4505 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4505-1 [email protected]...