| Field | Value |
|---|---|
| purl | pkg:gem/rack@0.4 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-7zgg-tvu3-r7gt (Aliases: CVE-2024-25126, GHSA-22f2-v57c-j9cx) | Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial). Summary: the regexp `SPLIT_PATTERN = %r{\s*[;,]\s*}` in `Rack::MediaType` is subject to ReDoS; 50K blank characters as a prefix to the header will take over 10s to split. PoC: a simple HTTP request with lots of blank characters in the content-type header, `request["Content-Type"] = (" " * 50_000) + "a,"`. Impact: it's a very easy to craft ReDoS. Like all ReDoS the impact is debatable. | Affected by 14 other vulnerabilities. Affected by 12 other vulnerabilities. |
| VCID-91xe-ev7t-akb9 (Aliases: CVE-2012-6109, GHSA-h77x-m5q8-c29h, OSV-89317) | Uncontrolled Resource Consumption: lib/rack/multipart.rb in Rack uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header. | Affected by 31 other vulnerabilities. Affected by 32 other vulnerabilities. Affected by 34 other vulnerabilities. Affected by 33 other vulnerabilities. Affected by 32 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T16:04:43.779000+00:00 | GHSA Importer | Affected by | VCID-7zgg-tvu3-r7gt | https://github.com/advisories/GHSA-22f2-v57c-j9cx | 38.0.0 |
| 2026-04-01T15:18:29.457258+00:00 | Ruby Importer | Affected by | VCID-7zgg-tvu3-r7gt | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml | 38.0.0 |
| 2026-04-01T12:52:35.374157+00:00 | GitLab Importer | Affected by | VCID-7zgg-tvu3-r7gt | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack/CVE-2024-25126.yml | 38.0.0 |
| 2026-04-01T12:46:48.365256+00:00 | GitLab Importer | Affected by | VCID-91xe-ev7t-akb9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack/CVE-2012-6109.yml | 38.0.0 |