| purl | pkg:deb/debian/ruby-rack@1.4.1-2.1?distro=trixie |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-35e6-cpn8-w7h1 | Symlink path traversal in Rack::File. Affected versions allow attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals." | CVE-2013-0262, GHSA-85r7-w5mv-c849, OSV-89938 |
| VCID-91xe-ev7t-akb9 | Uncontrolled Resource Consumption. lib/rack/multipart.rb in Rack uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header. | CVE-2012-6109, GHSA-h77x-m5q8-c29h, OSV-89317 |
| VCID-9uh8-upzm-7bgd | Uncontrolled Resource Consumption. Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings." | CVE-2013-0184, GHSA-v882-ccj6-jc48, OSV-89327 |
| VCID-teq8-nqhf-xbbq | Improper Restriction of Operations within the Bounds of a Memory Buffer. multipart/parser.rb in Rack allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet. | CVE-2013-0183, GHSA-3pxh-h8hw-mj8w, OSV-89320 |
| VCID-y12d-fjpf-uubh | Timing attack against Rack::Session::Cookie. Affected versions allow remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time. | CVE-2013-0263, GHSA-xc85-32mf-xpv8, OSV-89939 |