lib/rack/multipart.rb in Rack prior to 1.1.4, 1.2.x prior to 1.2.6, 1.3.x prior to 1.3.7, and 1.4.x prior to 1.4.2 uses an incorrect regular expression, which allows remote malicious users to cause a denial of service (infinite loop) via a crafted Content-Disposion header.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
rack project rack 0.4 |
||
rack project rack 1.1.2 |
||
rack project rack 0.2 |
||
rack project rack 0.1 |
||
rack project rack 1.1.0 |
||
rack project rack 0.9 |
||
rack project rack 1.0.1 |
||
rack project rack |
||
rack project rack 0.3 |
||
rack project rack 0.9.1 |
||
rack project rack 1.0.0 |
||
rack project rack 1.2.3 |
||
rack project rack 1.2.0 |
||
rack project rack 1.2.1 |
||
rack project rack 1.2.4 |
||
rack project rack 1.2.2 |
||
rack project rack 1.3.1 |
||
rack project rack 1.3.2 |
||
rack project rack 1.3.5 |
||
rack project rack 1.3.6 |
||
rack project rack 1.3.0 |
||
rack project rack 1.3.4 |
||
rack project rack 1.3.3 |
||
rack project rack 1.4.0 |
||
rack project rack 1.4.1 |
Vulmon