Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rack vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-44571
There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an malicious user to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount o...
Rack Project Rack
7.5
CVSSv3
CVE-2022-44572
A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an malicious user tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulti...
Rack Project Rack
6.1
CVSSv3
CVE-2018-16471
There is a possible XSS vulnerability in Rack prior to 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape...
Rack Project Rack
Debian Debian Linux 8.0
2 Github repositories
5.9
CVSSv3
CVE-2018-1000119
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and previous versions contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This v...
Sinatrarb Rack-protection 2.0.0
Sinatrarb Rack-protection
7.5
CVSSv3
CVE-2022-30122
A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.
Rack Project Rack
Debian Debian Linux 11.0
10
CVSSv3
CVE-2022-30123
A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.
Rack Project Rack
Debian Debian Linux 11.0
8.8
CVSSv3
CVE-2017-11173
Missing anchor in generated regex for rack-cors prior to 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.exampl...
Rack-cors Project Rack-cors
Debian Debian Linux 9.0
5.9
CVSSv3
CVE-2019-16782
There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually ...
Rack Project Rack
Fedoraproject Fedora 31
Opensuse Leap 15.1
7.5
CVSSv3
CVE-2023-27530
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an malicious user to craft requests that can be abuse to cause multipart parsing to take longer than expected.
Rack Project Rack
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2020-8184
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an malicious user to forge a secure or host-only cookie prefix.
Rack Project Rack
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »