2 matches found
CVE-2026-34829 vulnerabilities
Vulnerabilities for packages: ruby4.0-rack, gitlab-rails-ce, gitlab-cng, ruby3.2-rack, ruby3.2-rails, ruby3.3-rack, ruby3.4-rails, pact-broker-docker-fips, pact-broker-docker, logstash, gitlab-rails-ce-fips, kube-fluentd-operator, ruby3.4-rack...
CVE-2026-34829
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...