182 matches found
USN-6689-1 ruby-rack vulnerabilities
It was discovered that Rack incorrectly parsed some headers. An attacker could possibly use this issue to cause a denial of service. CVE-2023-27539, CVE-2024-26141, CVE-2024-26146...
Ubuntu 20.04 LTS / 22.04 LTS : Puma vulnerabilities (USN-6682-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6682-1 advisory. ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTT...
Mageia: Security Advisory (MGASA-2024-0042)
The remote host is missing an update for the...
Updated ruby-rack fixes a vulnerability and some bugs
This update to 2.2.8 fixes CVE-2023-27539 and some bugs...
MGASA-2024-0042 Updated ruby-rack fixes a vulnerability and some bugs
This update to 2.2.8 fixes CVE-2023-27539 and some bugs...
UBUNTU-CVE-2024-21647
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an...
CVE-2024-21647 HTTP Request/Response Smuggling in puma
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an...
CVE-2024-21647
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an...
Debian: Security Advisory (DSA-5530-1)
The remote host is missing an update for the Debian...
DSA-5530-1 ruby-rack - security update
Bulletin has no description...
DEBIAN-CVE-2023-40175
Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent ...
Debian: Security Advisory (DLA-3392-1)
The remote host is missing an update for the Debian...
Rack security vulnerability
Rack is a modular Ruby web server interface. A security vulnerability exists in Rack. An attacker could exploit this vulnerability to perform a regular expression denial of service attack...
[SECURITY] [DLA 3392-1] ruby-rack security update
Debian LTS Advisory DLA-3392-1 https://www.debian.org/lts/security/ Scarlett Moore April 17, 2023 https://wiki.debian.org/LTS...
Debian dla-3392 : ruby-rack - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3392 advisory. Debian LTS Advisory DLA-3392-1...
DLA-3392-1 ruby-rack - security update
Bulletin has no description...
rubygem-rack: crafted multipart POST request may cause a DoS
A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a denial of service...
Mageia: Security Advisory (MGASA-2023-0106)
The remote host is missing an update for the...
Updated ruby-rack packages fix security vulnerability
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...