CVE-2024-25126

Published: 29/02/2024 Updated: 29/04/2024

Vulnerability Summary

Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.
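The practical check that follows from this summary is whether an application's Rack dependency sits at or above the fixed releases named above. The Ruby below is an added example written for this page, not code from the advisory or from the Rack project: it pulls the resolved rack version out of a Gemfile.lock (the sample lockfile is constructed) and classifies it against 3.0.9.1 and 2.2.8.1. It assumes that only the 2.2 and 3.0 release lines received the fix, as the summary states; any other line is reported as unknown rather than guessed at.

```ruby
# Added example (not from the advisory or from the Rack project): classify an
# installed Rack version against the fixed releases named for CVE-2024-25126.
require "rubygems"

# Fixed releases as stated in the summary: 3.0.9.1 on the 3.0 line and
# 2.2.8.1 on the 2.2 line. Assumption: no other release line is covered by
# this advisory, so versions outside these two ranges are reported as unknown.
RACK_CVE_2024_25126_FIXES = {
  Gem::Requirement.new(">= 3.0", "< 3.1") => Gem::Version.new("3.0.9.1"),
  Gem::Requirement.new(">= 2.2", "< 3.0") => Gem::Version.new("2.2.8.1"),
}.freeze

# Returns :patched, :vulnerable, or :unknown_line for a version string.
def rack_cve_2024_25126_status(version_string)
  version = Gem::Version.new(version_string)
  RACK_CVE_2024_25126_FIXES.each do |line, fixed|
    next unless line.satisfied_by?(version)
    return version >= fixed ? :patched : :vulnerable
  end
  :unknown_line
end

# Extracts the resolved rack version(s) from Gemfile.lock text. Resolved gems
# sit under "specs:" indented by four spaces; their dependencies (indented by
# six, e.g. "      rack (>= 1.3)") are deliberately not matched.
def rack_versions_in_lockfile(lockfile_text)
  lockfile_text.scan(/^ {4}rack \(([^)\s]+)\)$/).flatten
end

# Constructed sample lockfile fragment (not from any real application).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.2.8)
      rack-test (2.1.0)
        rack (>= 1.3)
LOCK

if $PROGRAM_NAME == __FILE__
  rack_versions_in_lockfile(SAMPLE_LOCKFILE).each do |v|
    puts "rack #{v}: #{rack_cve_2024_25126_status(v)}"
  end
end
```

Run against a real Gemfile.lock by replacing SAMPLE_LOCKFILE with File.read("Gemfile.lock"); a result of :unknown_line means the version is on a release line this advisory does not mention, and the vendor's current advisory should be consulted rather than assuming either outcome.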

Vendor Advisories

Debian Bug report logs - #1064516 ruby-rack: CVE-2024-26141 CVE-2024-25126 CVE-2024-26146. Package: src:ruby-rack; Maintainer for src:ruby-rack is Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 23 Feb 2024 15:33:02 UTC; Severity: grave ...
A Denial of Service (DoS) vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service vulnerability (CVE-2024-25126). A Denial of Service (DoS) vulnerability was found in rubygem-rack in how ...