Debian: Security Advisory (DLA-2275-1)
The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
Debian DLA-2275-1 : ruby-rack security update
The following CVEs were reported against src:ruby-rack. CVE-2020-8161: A directory traversal vulnerability exists in rack 2.2.0 that allows an attacker to perform directory traversal in the Rack::Directory app that is bundled with Rack, which could result in information disclosure...
[SECURITY] [DLA 2275-1] ruby-rack security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2275-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta July 10, 2020 https://wiki.debian.org/LTS -----------------------------------------------------------------------...
DLA-2275-1 ruby-rack - security update
Bulletin has no description...
MGASA-2020-0252 Updated ruby-rack packages fix security vulnerability
Updated ruby-rack packages fix security vulnerabilities: There's a possible information leak / session hijack vulnerability in RackRubyGem rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a...
rubygem-rack: hijack sessions by using timing attacks targeting the session id
A flaw was found in rubygem-rack in versions prior to 1.6.12 and 2.0.8. An information leak may allow an attacker to find and hijack sessions using timing attacks targeting the session ID. The highest threat from the vulnerability is to data confidentiality...
Debian: Security Advisory (DLA-2216-1)
The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
[SECURITY] [DLA 2216-1] ruby-rack security update
Package : ruby-rack Version : 1.5.2-3+deb8u3 CVE ID : CVE-2020-8161 There was a possible directory traversal vulnerability in the Rack::Directory app that is bundled with Rack. If certain directories exist in a directory that is managed by Rack::Directory, an attacker could, using this...
HTTP Request Smuggling
Overview: Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby, as well as providing process...
DLA-2216-1 ruby-rack - security update
Bulletin has no description...
Debian: Security Advisory (DLA-2096-1)
The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
Debian DLA-2096-1 : ruby-rack-cors security update
This package allowed ../ directory traversal to access private resources because resource matching did not ensure that pathnames were in a canonical format. For Debian 8 'Jessie', this problem has been fixed in version 0.2.9-1+deb8u1. We recommend that you upgrade your ruby-rack-cors packages...
[SECURITY] [DLA 2096-1] ruby-rack-cors security update
Package : ruby-rack-cors Version : 0.2.9-1+deb8u1 CVE ID : CVE-2019-18978 This package allowed ../ directory traversal to access private resources because resource matching did not ensure that pathnames were in a canonical format. For Debian 8 "Jessie", this problem has been fixed in version...
DLA-2096-1 ruby-rack-cors - security update
Bulletin has no description...
Ubuntu: Security Advisory (USN-4089-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
USN-4089-1 ruby-rack vulnerability
It was discovered that Rack incorrectly handled carefully crafted requests. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack...
Debian DLA-1585-1 : ruby-rack security update
It was discovered that there was an XSS vulnerability in the ruby-rack web-server library. A malicious request could impact the HTTP/HTTPS scheme being returned to the underlying application. For Debian 8 'Jessie', this issue has been fixed in ruby-rack version 1.5.2-3+deb8u2. We recommend that y...
[SECURITY] [DLA 1585-1] ruby-rack security update
Package : ruby-rack Version : 1.5.2-3+deb8u2 CVE ID : CVE-2018-16471 Debian Bug : 913005 It was discovered that there was an XSS vulnerability in the ruby-rack web-server library. A malicious request could impact the HTTP/HTTPS scheme being returned to the underlying application. For Debian 8...
DLA-1585-1 ruby-rack - security update
Bulletin has no description...