HTTP Request Smuggling

Overview puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as as providing process...

DLA-2216-1 ruby-rack - security update

Bulletin has no description...

Debian: Security Advisory (DLA-2096-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-2096-1 : ruby-rack-cors security update

This package allowed ../ directory traversal to access private resources because resource matching did not ensure that pathnames were in a canonical format. For Debian 8 'Jessie', this problem has been fixed in version 0.2.9-1+deb8u1. We recommend that you upgrade your ruby-rack-cors packages...

[SECURITY] [DLA 2096-1] ruby-rack-cors security update

Package : ruby-rack-cors Version : 0.2.9-1+deb8u1 CVE ID : CVE-2019-18978 This package allowed ../ directory traversal to access private resources because resource matching did not ensure that pathnames were in a canonical format. For Debian 8 "Jessie", this problem has been fixed in version...

DLA-2096-1 ruby-rack-cors - security update

Bulletin has no description...

Ubuntu: Security Advisory (USN-4089-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4089-1 ruby-rack vulnerability

It was discovered that Rack incorrectly handled carefully crafted requests. A remote attacker could use this issue to execute a cross-site scripting XSS attack...

Debian DLA-1585-1 : ruby-rack security update

It was discovered that there was an XSS vulnerability in the ruby-rack web-server library. A malicious request could impact the HTTP/HTTPS scheme being returned to the underlying application. For Debian 8 'Jessie', this issue has been fixed in ruby-rack version 1.5.2-3+deb8u2. We recommend that y...

[SECURITY] [DLA 1585-1] ruby-rack security update

Package : ruby-rack Version : 1.5.2-3+deb8u2 CVE ID : CVE-2018-16471 Debian Bug : 913005 It was discovered that there was an XSS vulnerability in the ruby-rack web-server library. A malicious request could impact the HTTP/HTTPS scheme being returned to the underlying application. For Debian 8...

DLA-1585-1 ruby-rack - security update

Bulletin has no description...

Debian: Security Advisory (DLA-1585-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2018-0449 Updated ruby-rack packages fix security vulnerability

There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request.Applications that expect the scheme to be limited to "http" or "https" and do not escape the return value could be vulnerable to an XSS attack CVE-2018-1647...

Debian DSA-4247-1 : ruby-rack-protection - security update

A timing attack was discovered in the function for CSRF token validation of the 'Ruby rack protection' framework. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4247. The text itself is copyright C Software ...

Debian: Security Advisory (DSA-4247-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-3931-1 : ruby-rack-cors - security update

Jens Mueller discovered that an incorrect regular expression in rack-cors may lead to insufficient restriction of CORS requests. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3931. The...

DSA-3931-1 ruby-rack-cors - security update

Bulletin has no description...

Debian: Security Advisory (DSA-3931-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2015-0346)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 201405-10

Gentoo Linux Local Security Checks GLSA 201405-10 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...