Internet Bug Bounty: Possible DoS Vulnerability with Range Header in Rack

A potential denial-of-service vulnerability was discovered in the Rack web server interface for Ruby. The vulnerability was assigned the CVE identifier CVE-2024-26141 and affected versions of Rack 1.3.0 and later. The vulnerability was caused by carefully crafted Range request headers, which coul...

[SECURITY] Fedora 40 Update: rust-rbspy-0.17.0-5.fc40

Sampling CPU profiler for Ruby...

[SECURITY] [DSA 5698-1] ruby-rack security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5698-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2024 https://www.debian.org/security/faq -...

DSA-5698-1 ruby-rack - security update

Bulletin has no description...

ROS-20240524-03

A vulnerability in Ruby Sinatra web application development framework is related to code loading without checking its integrity. of its integrity. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

Debian dsa-5698 : ruby-rack - security update

The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5698 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5698-1 [email protected]...

rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing

A denial of service DoS vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability...

rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing

A denial of service DoS vulnerability was found in rubygem-rack in how it parses Rack Header. Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. Accept and Forwarded headers are impacted...

CentOS 8 : pcs (CESA-2024:2953)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:2953 advisory. - Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack's media type parser to take much longer than...

CVE-2024-36078

In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes which run with the environment and permissions of the Zammad user...

CVE-2024-36078

In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes which run with the environment and permissions of the Zammad user...

CVE-2024-36078

In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes which run with the environment and permissions of the Zammad user...

CVE-2024-36078

In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes which run with the environment and permissions of the Zammad user...

CVE-2024-36078

The CVE-2024-36078 issue affects Zammad prior to 6.3.1, where a bundled Ruby gem is installed with world-writable permissions. This enables a local attacker on the server to modify the gem’s files and inject arbitrary code into Zammad processes running under the Zammad user’s environment, potenti...

REXML contains a denial of service vulnerability

...

PT-2024-26886 · Zammad · Zammad

Name of the Vulnerable Software and Affected Versions: Zammad versions prior to 6.3.1 Description: A Ruby gem bundled by Zammad is installed with world-writable file permissions, allowing a local attacker on the server to modify the gem's files and inject arbitrary code into Zammad processes. The...

OESA-2024-1608 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the...

OESA-2024-1607 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the...

OESA-2024-1610 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the...

OESA-2024-1609 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the...