Search CVE reports


Toggle filters

21 – 30 of 30 results


CVE-2017-11173

Medium priority

Some fixes available 2 of 3

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious...

1 affected package

ruby-rack-cors

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack-cors Not affected Fixed
Show less packages

CVE-2015-3225

Low priority

Some fixes available 2 of 10

lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.

3 affected packages

librack-ruby, ruby-rack, ruby-rack1.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
librack-ruby Not in release Not in release Not in release Not in release
ruby-rack Not affected Not affected Not affected Not affected
ruby-rack1.4 Not in release Not in release Not in release Not in release
Show less packages

CVE-2014-2538

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party...

1 affected package

ruby-rack-ssl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack-ssl Not affected Not affected
Show less packages

CVE-2013-0184

Low priority

Some fixes available 8 of 11

Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related...

1 affected package

ruby-rack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack Fixed
Show less packages

CVE-2013-0183

Low priority

Some fixes available 8 of 11

multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.

1 affected package

ruby-rack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack Fixed
Show less packages

CVE-2012-6109

Low priority

Some fixes available 8 of 11

lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a...

1 affected package

ruby-rack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack Fixed
Show less packages

CVE-2013-0263

Medium priority

Some fixes available 8 of 11

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code...

1 affected package

ruby-rack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack Fixed
Show less packages

CVE-2013-0262

Medium priority

Some fixes available 2 of 4

rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory...

1 affected package

ruby-rack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack
Show less packages

CVE-2012-2671

Medium priority

Not in release

The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache.

1 affected package

ruby-rack-cache

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack-cache
Show less packages

CVE-2011-5036

Medium priority
Ignored

Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial...

1 affected package

ruby-rack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack Not affected
Show less packages