Rack 3.0.8 for Ruby

CPE Details

Rack 3.0.8 for Ruby
3.0.8
2025-02-13
15h29 +00:00
2025-02-13
15h29 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:rack:rack:3.0.8:*:*:*:*:ruby:*:*

Informations

Vendor

rack

Product

rack

Version

3.0.8

Target Software

ruby

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-26141 2024-02-28 23h28 +00:00 Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.
7.5
High
CVE-2024-25126 2024-02-28 23h28 +00:00 Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.
7.5
High