Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 30 results


CVE-2024-39316

Medium priority
Ignored

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service (ReDoS) vulnerability exists in the `Rack::Request::Helpers` module when parsing HTTP Accept...

1 affected packages

ruby-rack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-35231

Medium priority
Needs evaluation

rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data...

1 affected packages

ruby-rack-contrib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack-contrib Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2024-26146

Medium priority
Fixed

Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby...

1 affected packages

ruby-rack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-26141

Medium priority
Fixed

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue....

1 affected packages

ruby-rack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-25126

Medium priority
Fixed

Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree...

1 affected packages

ruby-rack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack Fixed Fixed Fixed Not affected Not affected
Show less packages

CVE-2024-27456

Negligible priority
Not affected

rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.

1 affected packages

ruby-rack-cors

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack-cors Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-27539

Medium priority

Some fixes available 6 of 8

Possible Denial of Service Vulnerability in Rack’s header parsing

1 affected packages

ruby-rack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-27530

Medium priority

Some fixes available 3 of 8

A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take...

1 affected packages

ruby-rack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack Not affected Fixed Fixed Ignored Ignored
Show less packages

CVE-2022-44572

Medium priority

Some fixes available 2 of 3

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an...

1 affected packages

ruby-rack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack Not affected Fixed Fixed Not affected Not affected
Show less packages

CVE-2022-44571

Medium priority

Some fixes available 5 of 6

There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header...

1 affected packages

ruby-rack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack Not affected Fixed Fixed Fixed Fixed
Show less packages