| purl | pkg:gem/rack@1.2 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-91xe-ev7t-akb9; Aliases: CVE-2012-6109, GHSA-h77x-m5q8-c29h, OSV-89317 | Uncontrolled Resource Consumption. lib/rack/multipart.rb in Rack uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header. | Affected by 32 other vulnerabilities. Affected by 34 other vulnerabilities. Affected by 33 other vulnerabilities. Affected by 32 other vulnerabilities. |
| VCID-9uh8-upzm-7bgd; Aliases: CVE-2013-0184, GHSA-v882-ccj6-jc48, OSV-89327 | Uncontrolled Resource Consumption. Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings." | Affected by 32 other vulnerabilities. Affected by 34 other vulnerabilities. Affected by 33 other vulnerabilities. Affected by 30 other vulnerabilities. Affected by 30 other vulnerabilities. |
| VCID-ge4d-a8z8-m3c6; Aliases: CVE-2011-5036, GHSA-v6j3-7jrw-hq2p, OSV-78121 | Hash Collision Form Parameter Parsing Remote DoS. This package contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption. | Affected by 33 other vulnerabilities. Affected by 34 other vulnerabilities. Affected by 33 other vulnerabilities. Affected by 33 other vulnerabilities. |
| VCID-qt1u-2p37-xfet; Aliases: CVE-2022-30122, GHSA-hxqx-xwvh-44m2, GMS-2022-1643 | Multiple vulnerabilities have been discovered in Rack, the worst of which can lead to sequence injection in logging components. | Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-y12d-fjpf-uubh; Aliases: CVE-2013-0263, GHSA-xc85-32mf-xpv8, OSV-89939 | Timing attack against Rack::Session::Cookie. Affected versions allow remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time. | Affected by 30 other vulnerabilities. Affected by 34 other vulnerabilities. Affected by 31 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 30 other vulnerabilities. Affected by 29 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||