Search for packages
| purl | pkg:gem/rack@2.0.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9xy8-h3y1-mubv
Aliases: CVE-2018-16471 GHSA-5r2p-j47h-mhpg |
Cross-site Scripting There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to HTTP or HTTPS and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not be impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable. |
Affected by 27 other vulnerabilities. |
|
VCID-c21j-snf1-d3cb
Aliases: CVE-2022-44572 GHSA-rqv2-275x-2jq5 GMS-2023-66 |
Duplicate This advisory duplicates another. |
Affected by 21 other vulnerabilities. Affected by 21 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
VCID-vkrw-y1j6-6fe7
Aliases: CVE-2022-44571 GHSA-93pm-5p5f-3ghx GMS-2023-65 |
Duplicate This advisory duplicates another. |
Affected by 21 other vulnerabilities. Affected by 21 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
VCID-xkah-9nv9-wufd
Aliases: CVE-2023-27539 GHSA-c6qg-cjj8-47qp GMS-2023-769 |
Possible Denial of Service Vulnerability in Rack’s header parsing There is a denial of service vulnerability in the header parsing component of Rack. Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted. Workarounds Setting `Regexp.timeout` in Ruby 3.2 is a possible workaround. |
Affected by 17 other vulnerabilities. Affected by 15 other vulnerabilities. |
|
VCID-yw62-qbkq-9ygq
Aliases: CVE-2019-16782 GHSA-hrqr-hxpp-chr3 |
Possible Information Leak / Session Hijack Vulnerability in Rack There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison. ### Impact The session id stored in a cookie is the same id that is used when querying the backing session storage engine. Most storage mechanisms (for example a database) use some sort of indexing in order to speed up the lookup of that id. By carefully timing requests and session lookup failures, an attacker may be able to perform a timing attack to determine an existing session id and hijack that session. ## Releases The 1.6.12 and 2.0.8 releases are available at the normal locations. ### Workarounds There are no known workarounds. ### Patches To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset. * 1-6-session-timing-attack.patch - Patch for 1.6 series * 2-0-session-timing-attack.patch - Patch for 2.6 series ### Credits Thanks Will Leinweber for reporting this! |
Affected by 26 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||