pkg:gem/rack
Type: gem
Name: rack
Known advisories, vulnerabilities and fixes for the rack package.
- Repository: https://rubygems.org/gems/rack

Advisories by severity: Critical 1, High 8, Medium 13, None 1

Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 1.4.0 | | CVE-2011-5036 | RUBYSEC:RACK-2011-5036 | CVE-2011-5036 rubygem-rack: hash table collisions DoS (oCERT-2011-003) | medium | 2011-12-28T00:00:00 (12 years ago) |
Fixed | = 1.1.3 = 1.2.5 = 1.3.6 >= 1.4.0 | | CVE-2011-5036 | RUBYSEC:RACK-2011-5036 | CVE-2011-5036 rubygem-rack: hash table collisions DoS (oCERT-2011-003) | medium | 2011-12-28T00:00:00 (12 years ago) |
Affected | < 1.4.2 | | CVE-2012-6109 | RUBYSEC:RACK-2012-6109 | CVE-2012-6109 rubygem-rack: parsing Content-Disposition header DoS | medium | 2012-05-04T00:00:00 (12 years ago) |
Fixed | = 1.1.4 = 1.2.6 = 1.3.7 >= 1.4.2 | | CVE-2012-6109 | RUBYSEC:RACK-2012-6109 | CVE-2012-6109 rubygem-rack: parsing Content-Disposition header DoS | medium | 2012-05-04T00:00:00 (12 years ago) |
Affected | < 1.4.3 | | CVE-2013-0183 | RUBYSEC:RACK-2013-0183 | CVE-2013-0183 rubygem-rack: receiving excessively long lines triggers out-of-memory error | medium | 2013-01-07T00:00:00 (11 years ago) |
Fixed | = 1.3.8 >= 1.4.3 | | CVE-2013-0183 | RUBYSEC:RACK-2013-0183 | CVE-2013-0183 rubygem-rack: receiving excessively long lines triggers out-of-memory error | medium | 2013-01-07T00:00:00 (11 years ago) |
Affected | < 1.4.4 | | CVE-2013-0184 | RUBYSEC:RACK-2013-0184 | CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS | medium | 2013-01-13T00:00:00 (11 years ago) |
Fixed | = 1.1.5 = 1.2.7 = 1.3.9 >= 1.4.4 | | CVE-2013-0184 | RUBYSEC:RACK-2013-0184 | CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS | medium | 2013-01-13T00:00:00 (11 years ago) |
Affected | < 1.5.2 | | CVE-2013-0262 | RUBYSEC:RACK-2013-0262 | CVE-2013-0262 rubygem-rack: Path sanitization information disclosure | medium | 2013-02-07T00:00:00 (11 years ago) |
Fixed | = 1.4.5 >= 1.5.2 | | CVE-2013-0262 | RUBYSEC:RACK-2013-0262 | CVE-2013-0262 rubygem-rack: Path sanitization information disclosure | medium | 2013-02-07T00:00:00 (11 years ago) |
Affected | < 1.5.2 | | CVE-2013-0263 | RUBYSEC:RACK-2013-0263 | CVE-2013-0263 rubygem-rack: Timing attack in cookie sessions | medium | 2013-02-07T00:00:00 (11 years ago) |
Fixed | = 1.1.6 = 1.2.8 = 1.3.10 = 1.4.5 >= 1.5.2 | | CVE-2013-0263 | RUBYSEC:RACK-2013-0263 | CVE-2013-0263 rubygem-rack: Timing attack in cookie sessions | medium | 2013-02-07T00:00:00 (11 years ago) |
Affected | < 1.6.2 | | CVE-2015-3225 | RUBYSEC:RACK-2015-3225 | Potential Denial of Service Vulnerability in Rack | medium | 2015-06-16T00:00:00 (9 years ago) |
Fixed | >= 1.6.2 = 1.5.4 = 1.4.6 | | CVE-2015-3225 | RUBYSEC:RACK-2015-3225 | Potential Denial of Service Vulnerability in Rack | medium | 2015-06-16T00:00:00 (9 years ago) |
Affected | < 2.0.6 | | CVE-2018-16470 | RUBYSEC:RACK-2018-16470 | Possible DoS vulnerability in Rack | high | 2018-11-05T00:00:00 (5 years ago) |
Fixed | >= 2.0.6 | | CVE-2018-16470 | RUBYSEC:RACK-2018-16470 | Possible DoS vulnerability in Rack | high | 2018-11-05T00:00:00 (5 years ago) |
Unaffected | <= 2.0.3 | | CVE-2018-16470 | RUBYSEC:RACK-2018-16470 | Possible DoS vulnerability in Rack | high | 2018-11-05T00:00:00 (5 years ago) |
Affected | < 2.0.6 | | CVE-2018-16471 | RUBYSEC:RACK-2018-16471 | Possible XSS vulnerability in Rack | medium | 2018-11-05T00:00:00 (5 years ago) |
Fixed | = 1.6.11 >= 2.0.6 | | CVE-2018-16471 | RUBYSEC:RACK-2018-16471 | Possible XSS vulnerability in Rack | medium | 2018-11-05T00:00:00 (5 years ago) |
Affected | < 2.0.8 | | CVE-2019-16782 | RUBYSEC:RACK-2019-16782 | Possible information leak / session hijack vulnerability | medium | 2019-12-18T00:00:00 (4 years ago) |
Fixed | = 1.6.12 >= 2.0.8 | | CVE-2019-16782 | RUBYSEC:RACK-2019-16782 | Possible information leak / session hijack vulnerability | medium | 2019-12-18T00:00:00 (4 years ago) |
Affected | < 2.2.0 | | CVE-2020-8161 | RUBYSEC:RACK-2020-8161 | Directory traversal in Rack::Directory app bundled with Rack | high | 2020-05-12T00:00:00 (4 years ago) |
Fixed | = 2.1.3 >= 2.2.0 | | CVE-2020-8161 | RUBYSEC:RACK-2020-8161 | Directory traversal in Rack::Directory app bundled with Rack | high | 2020-05-12T00:00:00 (4 years ago) |
Affected | < 2.2.3 | | CVE-2020-8184 | RUBYSEC:RACK-2020-8184 | Percent-encoded cookies can be used to overwrite existing prefixed cookie names | high | 2020-06-15T00:00:00 (4 years ago) |
Fixed | = 2.1.4 >= 2.2.3 | | CVE-2020-8184 | RUBYSEC:RACK-2020-8184 | Percent-encoded cookies can be used to overwrite existing prefixed cookie names | high | 2020-06-15T00:00:00 (4 years ago) |
Affected | < 2.0.9.1 < 2.1.4.1 < 2.2.3.1 = 1.2 | | CVE-2022-30122 | RUBYSEC:RACK-2022-30122 | Denial of Service Vulnerability in Rack Multipart Parsing | high | 2022-06-27T00:00:00 (2 years ago) |
Fixed | = 2.0.9 >= 2.0.9.1 = 2.1.4 >= 2.1.4.1 >= 2.2.3.1 | | CVE-2022-30122 | RUBYSEC:RACK-2022-30122 | Denial of Service Vulnerability in Rack Multipart Parsing | high | 2022-06-27T00:00:00 (2 years ago) |
Unaffected | < 1.2 | | CVE-2022-30122 | RUBYSEC:RACK-2022-30122 | Denial of Service Vulnerability in Rack Multipart Parsing | high | 2022-06-27T00:00:00 (2 years ago) |
Affected | < 2.0.9.1 < 2.1.4.1 < 2.2.3.1 | | CVE-2022-30123 | RUBYSEC:RACK-2022-30123 | Possible shell escape sequence injection vulnerability in Rack | critical | 2022-06-27T00:00:00 (2 years ago) |
Fixed | = 2.0.9 >= 2.0.9.1 = 2.1.4 >= 2.1.4.1 >= 2.2.3.1 | | CVE-2022-30123 | RUBYSEC:RACK-2022-30123 | Possible shell escape sequence injection vulnerability in Rack | critical | 2022-06-27T00:00:00 (2 years ago) |
Affected | < 2.0.9.2 < 2.1.4.2 < 2.2.6.2 < 3.0.4.1 | | CVE-2022-44570 | RUBYSEC:RACK-2022-44570 | Denial of service via header parsing in Rack | high | 2023-01-18T00:00:00 (20 months ago) |
Fixed | = 2.0.9 >= 2.0.9.2 = 2.1.4 >= 2.1.4.2 = 2.2.6 >= 2.2.6.2 >= 3.0.4.1 | | CVE-2022-44570 | RUBYSEC:RACK-2022-44570 | Denial of service via header parsing in Rack | high | 2023-01-18T00:00:00 (20 months ago) |
Affected | < 2.0.9.2 < 2.1.4.2 < 2.2.6.1 < 3.0.4.1 | | CVE-2022-44571 | RUBYSEC:RACK-2022-44571 | Denial of Service Vulnerability in Rack Content-Disposition parsing | high | 2023-01-18T00:00:00 (20 months ago) |
Fixed | = 2.0.9 >= 2.0.9.2 = 2.1.4 >= 2.1.4.2 = 2.2.6 >= 2.2.6.1 >= 3.0.4.1 | | CVE-2022-44571 | RUBYSEC:RACK-2022-44571 | Denial of Service Vulnerability in Rack Content-Disposition parsing | high | 2023-01-18T00:00:00 (20 months ago) |
Affected | < 2.0.9.2 < 2.1.4.2 < 2.2.6.1 < 3.0.4.1 | | CVE-2022-44572 | RUBYSEC:RACK-2022-44572 | Denial of service via multipart parsing in Rack | high | 2023-01-18T00:00:00 (20 months ago) |
Fixed | = 2.0.9 >= 2.0.9.2 = 2.1.4 >= 2.1.4.2 = 2.2.6 >= 2.2.6.1 >= 3.0.4.1 | | CVE-2022-44572 | RUBYSEC:RACK-2022-44572 | Denial of service via multipart parsing in Rack | high | 2023-01-18T00:00:00 (20 months ago) |
Affected | < 2.0.9.3 < 2.1.4.3 < 2.2.6.3 < 3.0.4.2 | | CVE-2023-27530 | RUBYSEC:RACK-2023-27530 | Possible DoS Vulnerability in Multipart MIME parsing | high | 2023-03-03T00:00:00 (18 months ago) |
Fixed | = 2.0.9 >= 2.0.9.3 = 2.1.4 >= 2.1.4.3 = 2.2.6 >= 2.2.6.3 >= 3.0.4.2 | | CVE-2023-27530 | RUBYSEC:RACK-2023-27530 | Possible DoS Vulnerability in Multipart MIME parsing | high | 2023-03-03T00:00:00 (18 months ago) |
Affected | < 2.2.6.4 < 3.0.6.1 | | CVE-2023-27539 | RUBYSEC:RACK-2023-27539 | Possible Denial of Service Vulnerability in Rack’s header parsing | | 2023-03-13T00:00:00 (18 months ago) |
Fixed | = 2.0 >= 2.2.6.4 >= 3.0.6.1 | | CVE-2023-27539 | RUBYSEC:RACK-2023-27539 | Possible Denial of Service Vulnerability in Rack’s header parsing | | 2023-03-13T00:00:00 (18 months ago) |
Affected | < 2.2.8.1 < 3.0.9.1 = 0.4 | | CVE-2024-25126 | RUBYSEC:RACK-2024-25126 | Denial of Service Vulnerability in Rack Content-Type Parsing | medium | 2024-02-21T00:00:00 (7 months ago) |
Fixed | = 2.2.8 >= 2.2.8.1 >= 3.0.9.1 | | CVE-2024-25126 | RUBYSEC:RACK-2024-25126 | Denial of Service Vulnerability in Rack Content-Type Parsing | medium | 2024-02-21T00:00:00 (7 months ago) |
Unaffected | < 0.4 | | CVE-2024-25126 | RUBYSEC:RACK-2024-25126 | Denial of Service Vulnerability in Rack Content-Type Parsing | medium | 2024-02-21T00:00:00 (7 months ago) |
Affected | < 2.2.8.1 < 3.0.9.1 = 1.3.0 | | CVE-2024-26141 | RUBYSEC:RACK-2024-26141 | Possible DoS Vulnerability with Range Header in Rack | medium | 2024-02-21T00:00:00 (7 months ago) |
Fixed | = 2.2.8 >= 2.2.8.1 >= 3.0.9.1 | | CVE-2024-26141 | RUBYSEC:RACK-2024-26141 | Possible DoS Vulnerability with Range Header in Rack | medium | 2024-02-21T00:00:00 (7 months ago) |
Unaffected | < 1.3.0 | | CVE-2024-26141 | RUBYSEC:RACK-2024-26141 | Possible DoS Vulnerability with Range Header in Rack | medium | 2024-02-21T00:00:00 (7 months ago) |
Affected | < 2.0.9.4 < 2.1.4.4 < 2.2.8.1 < 3.0.9.1 | | CVE-2024-26146 | RUBYSEC:RACK-2024-26146 | Possible Denial of Service Vulnerability in Rack Header Parsing | medium | 2024-02-21T00:00:00 (7 months ago) |
Fixed | = 2.0.9 >= 2.0.9.4 = 2.1.4 >= 2.1.4.4 = 2.2.8 >= 2.2.8.1 >= 3.0.9.1 | | CVE-2024-26146 | RUBYSEC:RACK-2024-26146 | Possible Denial of Service Vulnerability in Rack Header Parsing | medium | 2024-02-21T00:00:00 (7 months ago) |
Affected | < 3.1.5 = 3.1.0 | | CVE-2024-39316 | RUBYSEC:RACK-2024-39316 | Rack ReDoS Vulnerability in HTTP Accept Headers Parsing | medium | 2024-07-03T00:00:00 (2 months ago) |
Fixed | >= 3.1.5 | | CVE-2024-39316 | RUBYSEC:RACK-2024-39316 | Rack ReDoS Vulnerability in HTTP Accept Headers Parsing | medium | 2024-07-03T00:00:00 (2 months ago) |
Unaffected | < 3.1.0 | | CVE-2024-39316 | RUBYSEC:RACK-2024-39316 | Rack ReDoS Vulnerability in HTTP Accept Headers Parsing | medium | 2024-07-03T00:00:00 (2 months ago) |