Lucene search
K

37 matches found

CVE
CVE
added 2025/03/04 3:26 p.m.2034 views

CVE-2025-27111

Rack is a Ruby web-server interface. The Rack::Sendfile middleware logs unsanitised header values from X-Sendfile-Type, enabling log injection when an attacker injects escape sequences (e.g., newline characters) into that header. Affected versions are fixed in Rack 2.2.12, 3.0.13, and 3.1.11. Pra...

7.5CVSS6.8AI score0.00699EPSS
CVE
CVE
added 2025/02/12 4:20 p.m.1973 views

CVE-2025-25184

CVE-2025-25184 affects Rack (Ruby) where CRLF injection in usernames can be logged by Rack::CommonLogger when credentials are supplied via Rack::Auth::Basic. The issue enables log entry manipulation by including CRLF and whitespace in the username, potentially breaking log formats or injecting fr...

7.1CVSS6.2AI score0.01095EPSS
CVE
CVE
added 2024/02/28 11:28 p.m.409 views

CVE-2024-25126

Rack (Ruby) is affected by CVE-2024-25126, a Denial of Service caused by pathological parsing of Content-Type headers in Rack’s media type parser. The issue is disclosed across multiple advisories and is addressed by patches in Rack versions 3.0.9.1 and 2.2.8.1. In connected advisories, related D...

7.5CVSS5.6AI score0.35376EPSS
CVE
CVE
added 2024/02/28 11:28 p.m.407 views

CVE-2024-26141

CVE-2024-26141 affects Rack, the modular Ruby web server interface. The issue arises when handling Range headers, allowing a server to respond with an unexpectedly large payload and potentially causing a denial of service in vulnerable Rack-based apps (including Rails) that use Rack::File or Rack...

7.5CVSS5.5AI score0.01612EPSS
CVE
CVE
added 2024/02/28 11:28 p.m.396 views

CVE-2024-26146

CVE-2024-26146 affects Rack (Ruby web server interface). It describes a Denial of Service due to header parsing delays caused by crafted Accept and Forwarded headers. Public details in connected sources confirm the impact is a DoS threat from header parsing in Rack; affected code path is Rack::Re...

7.5CVSS5.7AI score0.01996EPSS
CVE
CVE
added 2023/03/10 12:0 a.m.367 views

CVE-2023-27530

CVE-2023-27530 is a Denial of Service vulnerability in Rack’s Multipart MIME parsing. The issue affects Rack versions prior to v3.0.4.2, v2.2.6.3, v2.1.4.3, and v2.0.9.3, where crafted multipart requests can cause parsing to take disproportionately long. Public connected advisories confirm this i...

7.5CVSS7.3AI score0.0183EPSS
CVE
CVE
added 2019/12/18 7:5 p.m.345 views

CVE-2019-16782

CVE-2019-16782 : Rack (RubyGem) contains a timing-based information disclosure vulnerability that can enable session hijacking. The flaw arises from non-constant-time handling of session IDs in the backing store, allowing an attacker to infer a valid session ID by measuring lookup times. The issu...

6.3CVSS5.7AI score0.03687EPSS
CVE
CVE
added 2025/01/09 12:33 a.m.324 views

CVE-2023-27539

CVE-2023-27539 concerns a denial-of-service vulnerability in the header parsing component of Rack (Ruby Rack). The issue is described as a vulnerability in Rack's header parsing that can affect applications parsing HTTP headers with Rack, leading to potential DoS. The NVD metrics show a MEDIUM-se...

5.3CVSS6.3AI score0.01063EPSS
CVE
CVE
added 2025/03/10 10:19 p.m.322 views

CVE-2025-27610

Rack::Static in Rack (Ruby) is vulnerable to Local File Inclusion due to improper sanitization of user-supplied paths, allowing access to files under the configured root. The affected versions are prior to 2.2.13, 3.0.14, and 3.1.12, which contain the patch. The vulnerability enables traversal vi...

7.5CVSS7.2AI score0.01068EPSS
CVE
CVE
added 2023/02/09 12:0 a.m.307 views

CVE-2022-44571

CVE-2022-44571 describes a denial-of-service in Rack’s Content-Disposition parsing, impacting applications that parse multipart posts (virtually all Rails apps). The issue can be triggered by crafted input causing extended parsing time. Fixed in Rack versions 2.0.9.2, 2.1.4.2, 2.2.4.1, and 3.0.0....

7.5CVSS7.2AI score0.01503EPSS
CVE
CVE
added 2023/02/09 12:0 a.m.265 views

CVE-2022-44570

CVE-2022-44570 concerns a denial-of-service vulnerability in Rack’s Range header parsing for Rack versions >= 1.5.0. A carefully crafted input to the Range header can cause the parsing component to consume an unusually long amount of time, potentially enabling a DoS condition, affecting applic...

7.5CVSS7.2AI score0.01626EPSS
CVE
CVE
added 2023/02/09 12:0 a.m.260 views

CVE-2022-44572

Rack’s multipart parsing vulnerability (CVE-2022-44572) allows crafted multipart input to cause excessive RFC2183 boundary parsing time, potentially yielding a DoS. Affected: Rack in Ruby/Rails applications; impact is rated high with network access and no user interaction. Root cause: DoS in the ...

7.5CVSS7.2AI score0.01617EPSS
CVE
CVE
added 2025/05/07 11:7 p.m.256 views

CVE-2025-46727

CVE-2025-46727 affects Rack, a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without limiting the total number of parameters. The issue arises because R...

7.5CVSS7.4AI score0.00911EPSS
CVE
CVE
added 2025/06/04 10:42 p.m.199 views

CVE-2025-49007

CVE-2025-49007 affects Rack (Ruby web server middleware). A DoS can be triggered in the Content-Disposition header parsing before version 3.1.16. Affected releases include 3.1.0 up to 3.1.15; 3.1.16 contains the patch. This vulnerability impacts applications parsing multipart posts (e.g., Rails a...

8.7CVSS6.5AI score0.00483EPSS
CVE
CVE
added 2025/05/07 11:1 p.m.89 views

CVE-2025-32441

CVE-2025-32441 affects the Rack Ruby web server interface. Before 2.2.14, when using the Rack::Session::Pool middleware, concurrent requests can cause a deleted session to be restored, enabling an unauthenticated user to reuse that session. The exploitation scenario requires an attacker to obtain...

4.2CVSS4.4AI score0.00193EPSS
CVE
CVE
added 2024/07/02 3:57 p.m.75 views

CVE-2024-39316

Rack is a modular Ruby web server interface. A ReDoS vulnerability exists in Rack::Request::Helpers when parsing HTTP Accept headers, affecting Rack 3.1.0 up to, but not including, 3.1.5. An attacker can trigger excessive server processing by sending specially crafted Accept-Encoding or Accept-La...

6.5CVSS5.8AI score0.00856EPSS
CVE
CVE
added 2026/04/02 4:42 p.m.60 views

CVE-2026-26961

Rack vulnerable component: Rack::Multipart::Parser extracts multipart boundary from Content-Type using a greedy regex, causing last-boundary selection when multiple boundaries exist. This can allow smuggling of multipart content past upstream validation. Affected versions are before 2.2.23, 3.1.2...

5.3CVSS5.8AI score0.00253EPSS
CVE
CVE
added 2026/04/02 5:9 p.m.47 views

CVE-2026-34835

Rack exposes a vulnerability in Rack::Request where Host header parsing uses an AUTHORITY regex that accepts characters not allowed by RFC hostnames (e.g., /, ?, #, @). Versions affected: 3.0.0.beta1 through 3.1.20, and 3.2.0 through 3.2.5. This can allow host header poisoning when apps rely on r...

6.5CVSS5.8AI score0.00192EPSS
CVE
CVE
added 2025/10/10 7:22 p.m.44 views

CVE-2025-61919

CVE-2025-61919 : Rack’s Rack::Request#POST reads the entire body into memory for application/x-www-form-urlencoded and can cause DoS via memory exhaustion in affected versions prior to 2.2.20, 3.1.18, and 3.2.3. The fix enforces form parameter limits (query_parser.bytesize_limit) and prevents unb...

7.5CVSS6.4AI score0.00605EPSS
CVE
CVE
added 2025/09/25 2:37 p.m.39 views

CVE-2025-59830

Rack (Ruby web server interface) prior to version 2.2.18 is vulnerable in Rack::QueryParser where param counting is enforced only for parameters separated by & but parsing also splits on ;. This allows semicolon-separated parameters to bypass the params_limit and can lead to increased CPU/memory ...

7.5CVSS6.4AI score0.00535EPSS
CVE
CVE
added 2025/10/10 4:53 p.m.36 views

CVE-2025-61780

CVE-2025-61780 (Rack) affects Rack, a modular Ruby web server interface. The IBM security bulletin and Debian advisories describe a vulnerability in Rack::Sendfile when used behind a proxy that supports x-accel-redirect/x-sendfile headers. By sending crafted headers, an attacker could cause Rack:...

5.8CVSS5.9AI score0.00434EPSS
CVE
CVE
added 2026/02/18 6:45 p.m.35 views

CVE-2026-22860

CVE-2026-22860 — Rack (Ruby Rack) Directory Traversal Rack::Directory is vulnerable because its path check uses a string prefix match on the expanded path. A request like /../root_example/ can escape the configured root and enable directory listing outside of the intended root. This issue affects...

7.5CVSS5.5AI score0.00665EPSS
CVE
CVE
added 2025/10/07 2:30 p.m.34 views

CVE-2025-61770

CVE-2025-61770 affects Rack’s multipart handling. In Rack versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble (bytes before the first boundary) in memory without a size limit, enabling a remote attacker to trigger large memory spikes and pote...

7.5CVSS6.5AI score0.00868EPSS
CVE
CVE
added 2026/02/18 6:59 p.m.27 views

CVE-2026-25500

Rack is a Ruby web server interface. CVE-2026-25500 affects Rack::Directory, where prior to versions 2.2.22, 3.1.20, and 3.2.5 an HTML directory index could include a link with href equal to javascript:alert(1), enabling stored XSS when a file on disk has a basename starting with the javascript: ...

5.4CVSS5.5AI score0.00224EPSS
CVE
CVE
added 2026/04/02 4:47 p.m.27 views

CVE-2026-34830

CVE-2026-34830 affects Rack, specifically when using Rack::Sendfile#map_accel_path prior to versions 2.2.23, 3.1.21, and 3.2.6. The vulnerability arises because the X-Accel-Mapping header value is interpolated directly into a regular expression without escaping, allowing an attacker that can supp...

7.5CVSS5.8AI score0.00209EPSS
CVE
CVE
added 2026/04/02 4:45 p.m.25 views

CVE-2026-34826

CVE-2026-34826 affects Rack prior to 2.2.23, 3.1.21, and 3.2.6. Rack::Utils.get_byte_ranges does not cap the number of individual byte ranges in the HTTP Range header, allowing an attacker to send many small overlapping ranges that trigger disproportionate CPU, memory, I/O, and bandwidth usage in...

7.5CVSS6.5AI score0.0038EPSS
CVE
CVE
added 2025/10/07 2:42 p.m.23 views

CVE-2025-61771

CVE-2025-61771 affects Rack, a Ruby web server interface. The issue: Rack::Multipart::Parser buffers non-file form fields (parts without a filename) entirely in memory, allowing a single large text field in multipart/form-data to exhaust memory and cause DoS. Vulnerable versions are prior to 2.2....

7.5CVSS6.3AI score0.00528EPSS
CVE
CVE
added 2026/04/02 4:43 p.m.23 views

CVE-2026-34831

Rack: The vulnerability CVE-2026-34831 affects Rack::Files#fail, which uses String#size to set Content-Length instead of String#bytesize. When responses include multibyte UTF-8, Content-Length may be too small, causing HTTP framing issues and potential response desynchronization. The issue can be...

6.5CVSS5.8AI score0.00147EPSS
CVE
CVE
added 2025/10/07 3:2 p.m.22 views

CVE-2025-61772

Rack’s CVE-2025-61772 affects Rack::Multipart::Parser, which can accumulate unbounded per-part headers if a multipart part header never ends with a blank line. This leads to memory exhaustion and DoS on affected versions prior to 2.2.19, 3.1.17, and 3.2.2. The fix caps per-part header size (e.g.,...

7.5CVSS6.5AI score0.00868EPSS
CVE
CVE
added 2026/04/02 4:41 p.m.20 views

CVE-2026-34230

Rack is a modular Ruby web server interface. CVE-2026-34230 describes a denial-of-service risk where Rack::Utils.select_best_encoding enters quadratic time on Accept-Encoding headers with many wildcard entries, enabling an unauthenticated attacker to exhaust CPU in the Rack::Deflater path. The is...

7.5CVSS5.7AI score0.0043EPSS
CVE
CVE
added 2026/04/02 4:44 p.m.20 views

CVE-2026-34785

CVE-2026-34785 affects Rack (modular Ruby web server interface). Vulnerable component: Rack::Static. Issue: a simplistic string-prefix check for URL prefixes (e.g., "/css") causes matches on paths starting with that string, potentially serving files under the static root whose names merely share ...

7.5CVSS5.7AI score0.00387EPSS
CVE
CVE
added 2026/04/02 4:46 p.m.20 views

CVE-2026-34829

Rack is vulnerable to a Denial of Service caused by unbounded multipart file uploads when a request uses multipart/form-data without a Content-Length header. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO if CONTENT_LENGTH exists; w...

7.5CVSS5.8AI score0.00369EPSS
CVE
CVE
added 2026/04/02 4:44 p.m.16 views

CVE-2026-34786

Vulnerability summary: CVE-2026-34786 affects Rack’s static file serving. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules compares header_rules against the raw URL-encoded PATH_INFO while the file path is decoded for serving. This can allow a URL-encoded path variant to...

5.3CVSS5.7AI score0.00195EPSS
CVE
CVE
added 2026/04/02 4:43 p.m.15 views

CVE-2026-34763

CVE-2026-34763 affects Rack, a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If the root contains regex metacharacters (e.g., +, *...

5.3CVSS5.8AI score0.0024EPSS
CVE
CVE
added 2026/04/02 5:10 p.m.14 views

CVE-2026-26962

Summary : Rack (Ruby web server interface) versions 3.2.0–3.2.5 are affected by a header unfolding issue in Rack::Multipart::Parser. When a multipart header includes an obs-fold sequence, the parser preserves the embedded CRLF in parsed parameter values (e.g., filename or name) during unfolding, ...

6.5CVSS5.7AI score0.00227EPSS
CVE
CVE
added 2026/04/02 5:6 p.m.14 views

CVE-2026-32762

Rack is a modular Ruby web server interface. Vulnerability CVE-2026-32762 affects Rack::Utils.forwarded_values in versions 3.0.0.beta1–3.1.20 and 3.2.0–3.2.5, where the Forwarded header is parsed by splitting on semicolons before handling quoted values. Because semicolons may appear inside quoted...

6.5CVSS5.7AI score0.00179EPSS
CVE
CVE
added 2026/04/02 5:7 p.m.10 views

CVE-2026-34827

Rack CVE-2026-34827 describes an algorithmic-DoS in Rack::Multipart::Parser#handle_mime_head where quoted multipart parameters are parsed with repeated String#index searches and slice! prefix deletion. Affected versions are 3.0.0.beta1 up to before 3.1.21, and 3.2.0 up to before 3.2.6. An unauthe...

7.5CVSS5.8AI score0.00475EPSS