pkg:Debian/ruby-rack

All known vulnerabilities

• CRITICAL10.0CVE-2022-30123Possible shell escape sequence injection vulnerability in Rack
  from 0, < 2.1.4-3+deb11u1
• HIGH8.6CVE-2020-8161ruby-rack - security update
  from 0, < 2.1.1-5
• HIGH8.6CVE-2020-8161ruby-rack - security update
  from 0, < 1.5.2-3+deb8u3
• HIGH8.6ruby-rack - security update
  from 0, < 2.0.6-3+deb10u2
• HIGH8.6ruby-rack - security update
  from 0, < 1.6.4-4+deb9u2
• HIGH7.5Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads
  from 0
• HIGH7.5Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header
  from 0
• HIGH7.5Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters
  from 0
• HIGH7.5Rack::Static prefix matching can expose unintended files under the static root
  from 0
• HIGH7.5ruby-rack - security update
  from 0, < 2.2.22-0+deb12u1
• HIGH7.5ruby-rack - security update
  from 0, < 2.1.4-3+deb11u5
• HIGH7.5ruby-rack - security update
  from 0, < 2.1.4-3+deb11u5
• HIGH7.5Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
  from 0, < 2.1.4-3+deb11u4
• HIGH7.5Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
  from 0, < 2.1.4-3+deb11u4
• HIGH7.5Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
  from 0, < 2.1.4-3+deb11u4
• HIGH7.5ruby-rack - security update
  from 0, < 2.1.4-3+deb11u4
• HIGH7.5ruby-rack - security update
  from 0, < 2.2.20-0+deb12u1
• HIGH7.5Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters
  from 0, < 2.1.4-3+deb11u4
• HIGH7.5Rack has an Unbounded-Parameter DoS in Rack::QueryParser
  from 0, < 2.1.4-3+deb11u4
• HIGH7.5Local File Inclusion in Rack::Static
  from 0, < 2.1.4-3+deb11u3
• HIGH7.5Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
  from 0, < 2.1.4-3+deb11u3
• HIGH7.5Rack has possible DoS Vulnerability with Range Header
  from 0, < 2.1.4-3+deb11u2
• HIGH7.5Rack Header Parsing leads to Possible Denial of Service Vulnerability
  from 0, < 2.1.4-3+deb11u2
• HIGH7.5ruby-rack - security update
  from 0, < 2.0.6-3+deb10u3
• HIGH7.5ruby-rack - security update
  from 0, < 2.1.4-3+deb11u1
• HIGH7.5Denial of Service Vulnerability in Rack Content-Disposition parsing
  from 0, < 2.1.4-3+deb11u1
• HIGH7.5Denial of service via header parsing in Rack
  from 0, < 2.1.4-3+deb11u1
• HIGH7.5Denial of service via multipart parsing in Rack
  from 0, < 2.1.4-3+deb11u1
• HIGH7.5ruby-rack - security update
  from 0, < 2.1.4-3+deb11u1
• HIGH7.5ruby-rack - security update
  from 0, < 2.0.6-3+deb10u1
• HIGH7.5ruby-rack - security update
  from 0, < 2.1.4-3+deb11u1
• HIGH7.5Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names
  from 0, < 2.1.1-6
• MEDIUM6.5ruby-rack - security update
  from 0, < 2.2.13-1~deb12u1
• MEDIUM6.5ruby-rack - security update
  from 0, < 2.1.4-3+deb11u3
• MEDIUM6.5ruby-rack - security update
  from 0, < 2.1.4-3+deb11u3
• MEDIUM6.3Possible Information Leak / Session Hijack Vulnerability in Rack
  from 0, < 2.1.1-2
• MEDIUM6.1ruby-rack - security update
  from 0, < 1.5.2-3+deb8u2
• MEDIUM6.1ruby-rack - security update
  from 0, < 1.6.4-6
• MEDIUM5.9Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect
  from 0
• MEDIUM5.8Rack has a Possible Information Disclosure Vulnerability
  from 0, < 2.1.4-3+deb11u4
• MEDIUM5.4Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href
  from 0, < 2.1.4-3+deb11u5
• MEDIUM5.3Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory
  from 0
• MEDIUM5.3Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass.
  from 0
• MEDIUM5.3Rack's multipart byte range processing allows denial of service via excessive overlapping ranges
  from 0
• MEDIUM5.3Rack:: Static header_rules bypass via URL-encoded paths
  from 0
• MEDIUM5.3ReDoS Vulnerability in Rack::Multipart handle_mime_head
  from 0, < 3.1.16-0.1
• MEDIUM5.3ruby-rack - security update
  from 0, < 2.1.4-3+deb11u2
• MEDIUM5.3ruby-rack - security update
  from 0, < 2.1.4-3+deb11u2
• MEDIUM5.3ruby-rack - security update
  from 0, < 2.0.6-3+deb10u4
• MEDIUM5.3Possible Denial of Service Vulnerability in Rack's header parsing
  from 0, < 2.1.4-3+deb11u1
• MEDIUM4.8Rack::Request accepts invalid Host characters, enabling host allowlist bypass
  from 0
• MEDIUM4.8Rack has Content-Length mismatch in Rack::Files error responses
  from 0
• MEDIUM4.8Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing
  from 0
• MEDIUM4.8Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values
  from 0
• MEDIUM4.2ruby-rack - security update
  from 0, < 2.1.4-3+deb11u4
• MEDIUM4.2ruby-rack - security update
  from 0, < 2.1.4-3+deb11u4
• —librack-ruby - several
  from 0, < 1.4.0-1
• —Rack arbitrary code execution via timing attack
  from 0, < 1.4.1-2.1
• —Rack vulnerable to Denial of Service
  from 0, < 1.4.1-2.1
• —Rack Vulnerable to Path Traversal
  from 0, < 1.4.1-2.1
• —Rack rubygems receiving excessively long lines triggers out-of-memory error
  from 0, < 1.4.1-2.1
• —Rack vulnerable to REDoS
  from 0, < 1.4.1-2.1
• —ruby-rack - security update
  from 0, < 1.4.1-2.1+deb7u1
• —ruby-rack - security update
  from 0, < 1.5.2-4