pkg:gem/rack

Type gem
Name rack

Known advisories, vulnerabilities and fixes for the rack package.

Repository
https://rubygems.org/gems/rack
Critical 1
High 8
Medium 13
None 1
| Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Affected | < 1.4.0 | | CVE-2011-5036 | rubysec RUBYSEC:RACK-2011-5036 | CVE-2011-5036 rubygem-rack: hash table collisions DoS (oCERT-2011-003) | medium | 2011-12-28T00:00:00 |
| Fixed | = 1.1.3, = 1.2.5, = 1.3.6, >= 1.4.0 | | CVE-2011-5036 | rubysec RUBYSEC:RACK-2011-5036 | CVE-2011-5036 rubygem-rack: hash table collisions DoS (oCERT-2011-003) | medium | 2011-12-28T00:00:00 |
| Affected | < 1.4.2 | | CVE-2012-6109 | rubysec RUBYSEC:RACK-2012-6109 | CVE-2012-6109 rubygem-rack: parsing Content-Disposition header DoS | medium | 2012-05-04T00:00:00 |
| Fixed | = 1.1.4, = 1.2.6, = 1.3.7, >= 1.4.2 | | CVE-2012-6109 | rubysec RUBYSEC:RACK-2012-6109 | CVE-2012-6109 rubygem-rack: parsing Content-Disposition header DoS | medium | 2012-05-04T00:00:00 |
| Affected | < 1.4.3 | | CVE-2013-0183 | rubysec RUBYSEC:RACK-2013-0183 | CVE-2013-0183 rubygem-rack: receiving excessively long lines triggers out-of-memory error | medium | 2013-01-07T00:00:00 |
| Fixed | = 1.3.8, >= 1.4.3 | | CVE-2013-0183 | rubysec RUBYSEC:RACK-2013-0183 | CVE-2013-0183 rubygem-rack: receiving excessively long lines triggers out-of-memory error | medium | 2013-01-07T00:00:00 |
| Affected | < 1.4.4 | | CVE-2013-0184 | rubysec RUBYSEC:RACK-2013-0184 | CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS | medium | 2013-01-13T00:00:00 |
| Fixed | = 1.1.5, = 1.2.7, = 1.3.9, >= 1.4.4 | | CVE-2013-0184 | rubysec RUBYSEC:RACK-2013-0184 | CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS | medium | 2013-01-13T00:00:00 |
| Affected | < 1.5.2 | | CVE-2013-0262 | rubysec RUBYSEC:RACK-2013-0262 | CVE-2013-0262 rubygem-rack: Path sanitization information disclosure | medium | 2013-02-07T00:00:00 |
| Fixed | = 1.4.5, >= 1.5.2 | | CVE-2013-0262 | rubysec RUBYSEC:RACK-2013-0262 | CVE-2013-0262 rubygem-rack: Path sanitization information disclosure | medium | 2013-02-07T00:00:00 |
| Affected | < 1.5.2 | | CVE-2013-0263 | rubysec RUBYSEC:RACK-2013-0263 | CVE-2013-0263 rubygem-rack: Timing attack in cookie sessions | medium | 2013-02-07T00:00:00 |
| Fixed | = 1.1.6, = 1.2.8, = 1.3.10, = 1.4.5, >= 1.5.2 | | CVE-2013-0263 | rubysec RUBYSEC:RACK-2013-0263 | CVE-2013-0263 rubygem-rack: Timing attack in cookie sessions | medium | 2013-02-07T00:00:00 |
| Affected | < 1.6.2 | | CVE-2015-3225 | rubysec RUBYSEC:RACK-2015-3225 | Potential Denial of Service Vulnerability in Rack | medium | 2015-06-16T00:00:00 |
| Fixed | >= 1.6.2, = 1.5.4, = 1.4.6 | | CVE-2015-3225 | rubysec RUBYSEC:RACK-2015-3225 | Potential Denial of Service Vulnerability in Rack | medium | 2015-06-16T00:00:00 |
| Affected | < 2.0.6 | | CVE-2018-16470 | rubysec RUBYSEC:RACK-2018-16470 | Possible DoS vulnerability in Rack | high | 2018-11-05T00:00:00 |
| Fixed | >= 2.0.6 | | CVE-2018-16470 | rubysec RUBYSEC:RACK-2018-16470 | Possible DoS vulnerability in Rack | high | 2018-11-05T00:00:00 |
| Unaffected | <= 2.0.3 | | CVE-2018-16470 | rubysec RUBYSEC:RACK-2018-16470 | Possible DoS vulnerability in Rack | high | 2018-11-05T00:00:00 |
| Affected | < 2.0.6 | | CVE-2018-16471 | rubysec RUBYSEC:RACK-2018-16471 | Possible XSS vulnerability in Rack | medium | 2018-11-05T00:00:00 |
| Fixed | = 1.6.11, >= 2.0.6 | | CVE-2018-16471 | rubysec RUBYSEC:RACK-2018-16471 | Possible XSS vulnerability in Rack | medium | 2018-11-05T00:00:00 |
| Affected | < 2.0.8 | | CVE-2019-16782 | rubysec RUBYSEC:RACK-2019-16782 | Possible information leak / session hijack vulnerability | medium | 2019-12-18T00:00:00 |
| Fixed | = 1.6.12, >= 2.0.8 | | CVE-2019-16782 | rubysec RUBYSEC:RACK-2019-16782 | Possible information leak / session hijack vulnerability | medium | 2019-12-18T00:00:00 |
| Affected | < 2.2.0 | | CVE-2020-8161 | rubysec RUBYSEC:RACK-2020-8161 | Directory traversal in Rack::Directory app bundled with Rack | high | 2020-05-12T00:00:00 |
| Fixed | = 2.1.3, >= 2.2.0 | | CVE-2020-8161 | rubysec RUBYSEC:RACK-2020-8161 | Directory traversal in Rack::Directory app bundled with Rack | high | 2020-05-12T00:00:00 |
| Affected | < 2.2.3 | | CVE-2020-8184 | rubysec RUBYSEC:RACK-2020-8184 | Percent-encoded cookies can be used to overwrite existing prefixed cookie names | high | 2020-06-15T00:00:00 |
| Fixed | = 2.1.4, >= 2.2.3 | | CVE-2020-8184 | rubysec RUBYSEC:RACK-2020-8184 | Percent-encoded cookies can be used to overwrite existing prefixed cookie names | high | 2020-06-15T00:00:00 |
| Affected | < 2.0.9.1, < 2.1.4.1, < 2.2.3.1, = 1.2 | | CVE-2022-30122 | rubysec RUBYSEC:RACK-2022-30122 | Denial of Service Vulnerability in Rack Multipart Parsing | high | 2022-06-27T00:00:00 |
| Fixed | = 2.0.9, >= 2.0.9.1, = 2.1.4, >= 2.1.4.1, >= 2.2.3.1 | | CVE-2022-30122 | rubysec RUBYSEC:RACK-2022-30122 | Denial of Service Vulnerability in Rack Multipart Parsing | high | 2022-06-27T00:00:00 |
| Unaffected | < 1.2 | | CVE-2022-30122 | rubysec RUBYSEC:RACK-2022-30122 | Denial of Service Vulnerability in Rack Multipart Parsing | high | 2022-06-27T00:00:00 |
| Affected | < 2.0.9.1, < 2.1.4.1, < 2.2.3.1 | | CVE-2022-30123 | rubysec RUBYSEC:RACK-2022-30123 | Possible shell escape sequence injection vulnerability in Rack | critical | 2022-06-27T00:00:00 |
| Fixed | = 2.0.9, >= 2.0.9.1, = 2.1.4, >= 2.1.4.1, >= 2.2.3.1 | | CVE-2022-30123 | rubysec RUBYSEC:RACK-2022-30123 | Possible shell escape sequence injection vulnerability in Rack | critical | 2022-06-27T00:00:00 |
| Affected | < 2.0.9.2, < 2.1.4.2, < 2.2.6.2, < 3.0.4.1 | | CVE-2022-44570 | rubysec RUBYSEC:RACK-2022-44570 | Denial of service via header parsing in Rack | high | 2023-01-18T00:00:00 |
| Fixed | = 2.0.9, >= 2.0.9.2, = 2.1.4, >= 2.1.4.2, = 2.2.6, >= 2.2.6.2, >= 3.0.4.1 | | CVE-2022-44570 | rubysec RUBYSEC:RACK-2022-44570 | Denial of service via header parsing in Rack | high | 2023-01-18T00:00:00 |
| Affected | < 2.0.9.2, < 2.1.4.2, < 2.2.6.1, < 3.0.4.1 | | CVE-2022-44571 | rubysec RUBYSEC:RACK-2022-44571 | Denial of Service Vulnerability in Rack Content-Disposition parsing | high | 2023-01-18T00:00:00 |
| Fixed | = 2.0.9, >= 2.0.9.2, = 2.1.4, >= 2.1.4.2, = 2.2.6, >= 2.2.6.1, >= 3.0.4.1 | | CVE-2022-44571 | rubysec RUBYSEC:RACK-2022-44571 | Denial of Service Vulnerability in Rack Content-Disposition parsing | high | 2023-01-18T00:00:00 |
| Affected | < 2.0.9.2, < 2.1.4.2, < 2.2.6.1, < 3.0.4.1 | | CVE-2022-44572 | rubysec RUBYSEC:RACK-2022-44572 | Denial of service via multipart parsing in Rack | high | 2023-01-18T00:00:00 |
| Fixed | = 2.0.9, >= 2.0.9.2, = 2.1.4, >= 2.1.4.2, = 2.2.6, >= 2.2.6.1, >= 3.0.4.1 | | CVE-2022-44572 | rubysec RUBYSEC:RACK-2022-44572 | Denial of service via multipart parsing in Rack | high | 2023-01-18T00:00:00 |
| Affected | < 2.0.9.3, < 2.1.4.3, < 2.2.6.3, < 3.0.4.2 | | CVE-2023-27530 | rubysec RUBYSEC:RACK-2023-27530 | Possible DoS Vulnerability in Multipart MIME parsing | high | 2023-03-03T00:00:00 |
| Fixed | = 2.0.9, >= 2.0.9.3, = 2.1.4, >= 2.1.4.3, = 2.2.6, >= 2.2.6.3, >= 3.0.4.2 | | CVE-2023-27530 | rubysec RUBYSEC:RACK-2023-27530 | Possible DoS Vulnerability in Multipart MIME parsing | high | 2023-03-03T00:00:00 |
| Affected | < 2.2.6.4, < 3.0.6.1 | | CVE-2023-27539 | rubysec RUBYSEC:RACK-2023-27539 | Possible Denial of Service Vulnerability in Rack’s header parsing | | 2023-03-13T00:00:00 |
| Fixed | = 2.0, >= 2.2.6.4, >= 3.0.6.1 | | CVE-2023-27539 | rubysec RUBYSEC:RACK-2023-27539 | Possible Denial of Service Vulnerability in Rack’s header parsing | | 2023-03-13T00:00:00 |
| Affected | < 2.2.8.1, < 3.0.9.1, = 0.4 | | CVE-2024-25126 | rubysec RUBYSEC:RACK-2024-25126 | Denial of Service Vulnerability in Rack Content-Type Parsing | medium | 2024-02-21T00:00:00 |
| Fixed | = 2.2.8, >= 2.2.8.1, >= 3.0.9.1 | | CVE-2024-25126 | rubysec RUBYSEC:RACK-2024-25126 | Denial of Service Vulnerability in Rack Content-Type Parsing | medium | 2024-02-21T00:00:00 |
| Unaffected | < 0.4 | | CVE-2024-25126 | rubysec RUBYSEC:RACK-2024-25126 | Denial of Service Vulnerability in Rack Content-Type Parsing | medium | 2024-02-21T00:00:00 |
| Affected | < 2.2.8.1, < 3.0.9.1, = 1.3.0 | | CVE-2024-26141 | rubysec RUBYSEC:RACK-2024-26141 | Possible DoS Vulnerability with Range Header in Rack | medium | 2024-02-21T00:00:00 |
| Fixed | = 2.2.8, >= 2.2.8.1, >= 3.0.9.1 | | CVE-2024-26141 | rubysec RUBYSEC:RACK-2024-26141 | Possible DoS Vulnerability with Range Header in Rack | medium | 2024-02-21T00:00:00 |
| Unaffected | < 1.3.0 | | CVE-2024-26141 | rubysec RUBYSEC:RACK-2024-26141 | Possible DoS Vulnerability with Range Header in Rack | medium | 2024-02-21T00:00:00 |
| Affected | < 2.0.9.4, < 2.1.4.4, < 2.2.8.1, < 3.0.9.1 | | CVE-2024-26146 | rubysec RUBYSEC:RACK-2024-26146 | Possible Denial of Service Vulnerability in Rack Header Parsing | medium | 2024-02-21T00:00:00 |
| Fixed | = 2.0.9, >= 2.0.9.4, = 2.1.4, >= 2.1.4.4, = 2.2.8, >= 2.2.8.1, >= 3.0.9.1 | | CVE-2024-26146 | rubysec RUBYSEC:RACK-2024-26146 | Possible Denial of Service Vulnerability in Rack Header Parsing | medium | 2024-02-21T00:00:00 |
| Affected | < 3.1.5, = 3.1.0 | | CVE-2024-39316 | rubysec RUBYSEC:RACK-2024-39316 | Rack ReDoS Vulnerability in HTTP Accept Headers Parsing | medium | 2024-07-03T00:00:00 |
| Fixed | >= 3.1.5 | | CVE-2024-39316 | rubysec RUBYSEC:RACK-2024-39316 | Rack ReDoS Vulnerability in HTTP Accept Headers Parsing | medium | 2024-07-03T00:00:00 |
| Unaffected | < 3.1.0 | | CVE-2024-39316 | rubysec RUBYSEC:RACK-2024-39316 | Rack ReDoS Vulnerability in HTTP Accept Headers Parsing | medium | 2024-07-03T00:00:00 |