Lucene search
K
Rack ProjectRack

13 matches found

CVE
CVE
added 2022/12/05 12:0 a.m.409 views

CVE-2022-30123

Rack contains a sequence injection vulnerability (CVE-2022-30123) affecting Rack <2.0.9.1, <2.1.4.1, and

10CVSS9.3AI score0.01801EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.378 views

CVE-2022-30122

CVE-2022-30122 affects Rack’s multipart parsing in Rack <2.0.9.1, <2.1.4.1 and

7.5CVSS8.1AI score0.02056EPSS
CVE
CVE
added 2020/06/19 12:0 a.m.372 views

CVE-2020-8184

The CVE-2020-8184 entry concerns a vulnerability in rack where a reliance on cookies without validation or integrity checks allows forging a secure or host-only cookie prefix. Affected are rack versions older than 2.2.3 and older than 2.1.4. The underlying issue is insufficient cookie validation/...

7.5CVSS5.9AI score0.02938EPSS
CVE
CVE
added 2020/07/02 12:0 a.m.245 views

CVE-2020-8161

Summary of risk : CVE-2020-8161 is a directory-traversal vulnerability in Rack (

8.6CVSS7.9AI score0.03593EPSS
CVE
CVE
added 2018/11/13 11:0 p.m.227 views

CVE-2018-16471

CVE-2018-16471 (Rack XSS) Affected: Rack up to versions before 2.0.6 and 1.6.11. Issue: crafted requests can affect Rack::Request.scheme return value, enabling cross-site scripting if the value is not escaped by the app. Impact: potential XSS in apps that rely on Rack::Request.scheme without esca...

6.1CVSS5.7AI score0.01816EPSS
CVE
CVE
added 2018/11/13 11:0 p.m.186 views

CVE-2018-16470

CVE-2018-16470 affects the Rack web framework: a vulnerability in the multipart parser in Rack prior to 2.0.6 can cause a denial of service by a specially crafted request, forcing disproportionate CPU usage. The issue is tied to the multipart parser’s handling, leading to potential resource exhau...

7.5CVSS7.3AI score0.02033EPSS
CVE
CVE
added 2015/07/26 10:0 p.m.131 views

CVE-2015-3225

CVE-2015-3225: Rack (lib/rack/utils.rb) before 1.5.4 and 1.6.x before 1.6.2 allows remote abuse via requests with very large parameter depth, causing SystemStackError DoS. Public references confirm this is a vulnerability in Rack used with Rails 3.x/4.x. Remediation in public advisories: upgrade ...

5CVSS6.3AI score0.07778EPSS
CVE
CVE
added 2013/02/08 8:0 p.m.122 views

CVE-2013-0262

CVE-2013-0262 affects Rack’s Rack::File in Rack 1.5.x (before 1.5.2) and 1.4.x (before 1.4.5). A crafted PATH_INFO can cause a directory traversal, allowing an attacker to access arbitrary files outside the intended root. Root cause: improper PATH_INFO handling in Rack::File (symlink path travers...

4.3CVSS6.3AI score0.02952EPSS
CVE
CVE
added 2013/03/01 2:0 a.m.106 views

CVE-2013-0183

Rack multipart parser vulnerability (CVE-2013-0183) affects Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3. An attacker can send a long string in a Multipart HTTP packet to cause memory consumption or an out-of-memory denial of service. Existence of exploit details is not provided in the supplied...

5CVSS6.3AI score0.03778EPSS
CVE
CVE
added 2013/02/08 8:0 p.m.96 views

CVE-2013-0263

CVE-2013-0263 is a timing-attack vulnerability in Rack::Session::Cookie that allows remote attackers to guess the session cookie, potentially gain privileges, and execute arbitrary code. It affects Rack versions prior to patched releases: 1.5.2 (1.5.x), 1.4.5 (1.4.x), 1.3.10 (1.3.x), 1.2.8 (1.2.x...

5.1CVSS7.5AI score0.05281EPSS
CVE
CVE
added 2013/03/01 2:0 a.m.94 views

CVE-2012-6109

Rack vulnerability CVE-2012-6109: DoS via crafted Content-Disposition header due to an incorrect regular expression in Rack’s multipart header parser. Affected: Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2. Impact: potential infinite loop/DoS. Mitigation: upgr...

4.3CVSS6.3AI score0.02717EPSS
CVE
CVE
added 2013/03/01 2:0 a.m.78 views

CVE-2013-0184

CVE-2013-0184 affects Rack’s Rack::Auth::AbstractRequest. The vulnerability allows remote denial of service via unknown vectors related to symbolized arbitrary strings. Affected Rack versions: 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4. Remediation is to up...

4.3CVSS6.5AI score0.02418EPSS
CVE
CVE
added 2011/12/30 1:0 a.m.73 views

CVE-2011-5036

Rack (Ruby web server interface) vulnerability CVE-2011-5036: hash parameter processing in Rack allows attackers to trigger hash collisions and cause CPU-based denial of service. Affected versions include Rack 1.x up to 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6. Root cause is predictable ...

5CVSS6.4AI score0.04016EPSS