37 matches found
CVE-2025-27111
Rack is a Ruby web-server interface. The Rack::Sendfile middleware logs unsanitised header values from X-Sendfile-Type, enabling log injection when an attacker injects escape sequences (e.g., newline characters) into that header. Affected versions are fixed in Rack 2.2.12, 3.0.13, and 3.1.11. Pra...
CVE-2025-25184
CVE-2025-25184 affects Rack (Ruby) where CRLF injection in usernames can be logged by Rack::CommonLogger when credentials are supplied via Rack::Auth::Basic. The issue enables log entry manipulation by including CRLF and whitespace in the username, potentially breaking log formats or injecting fr...
CVE-2024-25126
Rack (Ruby) is affected by CVE-2024-25126, a Denial of Service caused by pathological parsing of Content-Type headers in Rack’s media type parser. The issue is disclosed across multiple advisories and is addressed by patches in Rack versions 3.0.9.1 and 2.2.8.1. In connected advisories, related D...
CVE-2024-26141
CVE-2024-26141 affects Rack, the modular Ruby web server interface. The issue arises when handling Range headers, allowing a server to respond with an unexpectedly large payload and potentially causing a denial of service in vulnerable Rack-based apps (including Rails) that use Rack::File or Rack...
CVE-2024-26146
CVE-2024-26146 affects Rack (Ruby web server interface). It describes a Denial of Service due to header parsing delays caused by crafted Accept and Forwarded headers. Public details in connected sources confirm the impact is a DoS threat from header parsing in Rack; affected code path is Rack::Re...
CVE-2023-27530
CVE-2023-27530 is a Denial of Service vulnerability in Rack’s Multipart MIME parsing. The issue affects Rack versions prior to v3.0.4.2, v2.2.6.3, v2.1.4.3, and v2.0.9.3, where crafted multipart requests can cause parsing to take disproportionately long. Public connected advisories confirm this i...
CVE-2019-16782
CVE-2019-16782 : Rack (RubyGem) contains a timing-based information disclosure vulnerability that can enable session hijacking. The flaw arises from non-constant-time handling of session IDs in the backing store, allowing an attacker to infer a valid session ID by measuring lookup times. The issu...
CVE-2023-27539
CVE-2023-27539 concerns a denial-of-service vulnerability in the header parsing component of Rack (Ruby Rack). The issue is described as a vulnerability in Rack's header parsing that can affect applications parsing HTTP headers with Rack, leading to potential DoS. The NVD metrics show a MEDIUM-se...
CVE-2025-27610
Rack::Static in Rack (Ruby) is vulnerable to Local File Inclusion due to improper sanitization of user-supplied paths, allowing access to files under the configured root. The affected versions are prior to 2.2.13, 3.0.14, and 3.1.12, which contain the patch. The vulnerability enables traversal vi...
CVE-2022-44571
CVE-2022-44571 describes a denial-of-service in Rack’s Content-Disposition parsing, impacting applications that parse multipart posts (virtually all Rails apps). The issue can be triggered by crafted input causing extended parsing time. Fixed in Rack versions 2.0.9.2, 2.1.4.2, 2.2.4.1, and 3.0.0....
CVE-2022-44570
CVE-2022-44570 concerns a denial-of-service vulnerability in Rack’s Range header parsing for Rack versions >= 1.5.0. A carefully crafted input to the Range header can cause the parsing component to consume an unusually long amount of time, potentially enabling a DoS condition, affecting applic...
CVE-2022-44572
Rack’s multipart parsing vulnerability (CVE-2022-44572) allows crafted multipart input to cause excessive RFC2183 boundary parsing time, potentially yielding a DoS. Affected: Rack in Ruby/Rails applications; impact is rated high with network access and no user interaction. Root cause: DoS in the ...
CVE-2025-46727
CVE-2025-46727 affects Rack, a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without limiting the total number of parameters. The issue arises because R...
CVE-2025-49007
CVE-2025-49007 affects Rack (Ruby web server middleware). A DoS can be triggered in the Content-Disposition header parsing before version 3.1.16. Affected releases include 3.1.0 up to 3.1.15; 3.1.16 contains the patch. This vulnerability impacts applications parsing multipart posts (e.g., Rails a...
CVE-2025-32441
CVE-2025-32441 affects the Rack Ruby web server interface. Before 2.2.14, when using the Rack::Session::Pool middleware, concurrent requests can cause a deleted session to be restored, enabling an unauthenticated user to reuse that session. The exploitation scenario requires an attacker to obtain...
CVE-2024-39316
Rack is a modular Ruby web server interface. A ReDoS vulnerability exists in Rack::Request::Helpers when parsing HTTP Accept headers, affecting Rack 3.1.0 up to, but not including, 3.1.5. An attacker can trigger excessive server processing by sending specially crafted Accept-Encoding or Accept-La...
CVE-2026-26961
Rack vulnerable component: Rack::Multipart::Parser extracts multipart boundary from Content-Type using a greedy regex, causing last-boundary selection when multiple boundaries exist. This can allow smuggling of multipart content past upstream validation. Affected versions are before 2.2.23, 3.1.2...
CVE-2026-34835
Rack exposes a vulnerability in Rack::Request where Host header parsing uses an AUTHORITY regex that accepts characters not allowed by RFC hostnames (e.g., /, ?, #, @). Versions affected: 3.0.0.beta1 through 3.1.20, and 3.2.0 through 3.2.5. This can allow host header poisoning when apps rely on r...
CVE-2025-61919
CVE-2025-61919 : Rack’s Rack::Request#POST reads the entire body into memory for application/x-www-form-urlencoded and can cause DoS via memory exhaustion in affected versions prior to 2.2.20, 3.1.18, and 3.2.3. The fix enforces form parameter limits (query_parser.bytesize_limit) and prevents unb...
CVE-2025-59830
Rack (Ruby web server interface) prior to version 2.2.18 is vulnerable in Rack::QueryParser where param counting is enforced only for parameters separated by & but parsing also splits on ;. This allows semicolon-separated parameters to bypass the params_limit and can lead to increased CPU/memory ...
CVE-2025-61780
CVE-2025-61780 (Rack) affects Rack, a modular Ruby web server interface. The IBM security bulletin and Debian advisories describe a vulnerability in Rack::Sendfile when used behind a proxy that supports x-accel-redirect/x-sendfile headers. By sending crafted headers, an attacker could cause Rack:...
CVE-2026-22860
CVE-2026-22860 — Rack (Ruby Rack) Directory Traversal Rack::Directory is vulnerable because its path check uses a string prefix match on the expanded path. A request like /../root_example/ can escape the configured root and enable directory listing outside of the intended root. This issue affects...
CVE-2025-61770
CVE-2025-61770 affects Rack’s multipart handling. In Rack versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble (bytes before the first boundary) in memory without a size limit, enabling a remote attacker to trigger large memory spikes and pote...
CVE-2026-25500
Rack is a Ruby web server interface. CVE-2026-25500 affects Rack::Directory, where prior to versions 2.2.22, 3.1.20, and 3.2.5 an HTML directory index could include a link with href equal to javascript:alert(1), enabling stored XSS when a file on disk has a basename starting with the javascript: ...
CVE-2026-34830
CVE-2026-34830 affects Rack, specifically when using Rack::Sendfile#map_accel_path prior to versions 2.2.23, 3.1.21, and 3.2.6. The vulnerability arises because the X-Accel-Mapping header value is interpolated directly into a regular expression without escaping, allowing an attacker that can supp...
CVE-2026-34826
CVE-2026-34826 affects Rack prior to 2.2.23, 3.1.21, and 3.2.6. Rack::Utils.get_byte_ranges does not cap the number of individual byte ranges in the HTTP Range header, allowing an attacker to send many small overlapping ranges that trigger disproportionate CPU, memory, I/O, and bandwidth usage in...
CVE-2025-61771
CVE-2025-61771 affects Rack, a Ruby web server interface. The issue: Rack::Multipart::Parser buffers non-file form fields (parts without a filename) entirely in memory, allowing a single large text field in multipart/form-data to exhaust memory and cause DoS. Vulnerable versions are prior to 2.2....
CVE-2026-34831
Rack: The vulnerability CVE-2026-34831 affects Rack::Files#fail, which uses String#size to set Content-Length instead of String#bytesize. When responses include multibyte UTF-8, Content-Length may be too small, causing HTTP framing issues and potential response desynchronization. The issue can be...
CVE-2025-61772
Rack’s CVE-2025-61772 affects Rack::Multipart::Parser, which can accumulate unbounded per-part headers if a multipart part header never ends with a blank line. This leads to memory exhaustion and DoS on affected versions prior to 2.2.19, 3.1.17, and 3.2.2. The fix caps per-part header size (e.g.,...
CVE-2026-34230
Rack is a modular Ruby web server interface. CVE-2026-34230 describes a denial-of-service risk where Rack::Utils.select_best_encoding enters quadratic time on Accept-Encoding headers with many wildcard entries, enabling an unauthenticated attacker to exhaust CPU in the Rack::Deflater path. The is...
CVE-2026-34785
CVE-2026-34785 affects Rack (modular Ruby web server interface). Vulnerable component: Rack::Static. Issue: a simplistic string-prefix check for URL prefixes (e.g., "/css") causes matches on paths starting with that string, potentially serving files under the static root whose names merely share ...
CVE-2026-34829
Rack is vulnerable to a Denial of Service caused by unbounded multipart file uploads when a request uses multipart/form-data without a Content-Length header. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO if CONTENT_LENGTH exists; w...
CVE-2026-34786
Vulnerability summary: CVE-2026-34786 affects Rack’s static file serving. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules compares header_rules against the raw URL-encoded PATH_INFO while the file path is decoded for serving. This can allow a URL-encoded path variant to...
CVE-2026-34763
CVE-2026-34763 affects Rack, a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If the root contains regex metacharacters (e.g., +, *...
CVE-2026-26962
Summary : Rack (Ruby web server interface) versions 3.2.0–3.2.5 are affected by a header unfolding issue in Rack::Multipart::Parser. When a multipart header includes an obs-fold sequence, the parser preserves the embedded CRLF in parsed parameter values (e.g., filename or name) during unfolding, ...
CVE-2026-32762
Rack is a modular Ruby web server interface. Vulnerability CVE-2026-32762 affects Rack::Utils.forwarded_values in versions 3.0.0.beta1–3.1.20 and 3.2.0–3.2.5, where the Forwarded header is parsed by splitting on semicolons before handling quoted values. Because semicolons may appear inside quoted...
CVE-2026-34827
Rack CVE-2026-34827 describes an algorithmic-DoS in Rack::Multipart::Parser#handle_mime_head where quoted multipart parameters are parsed with repeated String#index searches and slice! prefix deletion. Affected versions are 3.0.0.beta1 up to before 3.1.21, and 3.2.0 up to before 3.2.6. An unauthe...