
CVE-2024-26141

Published: 29/02/2024 Updated: 29/04/2024

Vulnerability Summary

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.
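The following is an added illustration of the defensive check an application serving byte ranges would want; it is not Rack's own code and not the upstream fix. `parse_byte_ranges` is a simplified, hypothetical re-implementation of Range-header parsing in the spirit of `Rack::Utils.byte_ranges`, and `range_request_decision` rejects requests whose ranges overlap, are too numerous, or would together exceed the size of the resource.

```ruby
# Added example (not Rack's code): parse an HTTP Range header into byte
# ranges, then refuse multi-range requests whose response would be larger
# than the resource itself. Resource sizes and headers below are constructed.

# Returns an array of Ruby Ranges (first..last) or nil when the header is
# missing, malformed, or contains no satisfiable range.
def parse_byte_ranges(range_header, size)
  return nil unless range_header
  m = /\Abytes=(.+)\z/.match(range_header.strip)
  return nil unless m
  ranges = []
  m[1].split(",").each do |spec|
    first, last = spec.strip.split("-", 2)
    if first.to_s.empty?            # suffix form "-500": the last 500 bytes
      len = last.to_i
      next if len <= 0
      first_byte = [size - len, 0].max
      last_byte = size - 1
    else
      first_byte = first.to_i
      last_byte = last.to_s.empty? ? size - 1 : [last.to_i, size - 1].min
    end
    next if first_byte > last_byte || first_byte >= size
    ranges << (first_byte..last_byte)
  end
  ranges.empty? ? nil : ranges
end

# Defensive decision for a range request:
#   :none   -> no usable Range header, serve the whole resource as usual
#   :reject -> too many ranges, overlapping ranges, or total bytes > size
#   :ok     -> ranges are bounded by the resource and safe to serve
def range_request_decision(range_header, size, max_ranges: 10)
  ranges = parse_byte_ranges(range_header, size)
  return :none if ranges.nil?
  return :reject if ranges.length > max_ranges
  # Total bytes the multipart response would carry, bounded by the resource.
  return :reject if ranges.sum(&:size) > size
  sorted = ranges.sort_by(&:first)
  sorted.each_cons(2) { |a, b| return :reject if b.first <= a.last }
  :ok
end
```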

Vendor Advisories

Debian Bug report logs - #1064516 ruby-rack: CVE-2024-26141 CVE-2024-25126 CVE-2024-26146. Package: src:ruby-rack; Maintainer for src:ruby-rack is Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 23 Feb 2024 15:33:02 UTC; Severity: grave ...
A Denial of Service (DoS) vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service vulnerability (CVE-2024-25126). A Denial of Service (DoS) vulnerability was found in rubygem-rack in how ...
Description: This CVE is under investigation by Red Hat Product Security ...