Rack Rack 3.0.0 Beta 1 for Ruby

CPE Details

Rack Rack 3.0.0 Beta 1 for Ruby
rack
rack
3.0.0
2025-02-13
14h37 +00:00
2025-02-13
14h37 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:rack:rack:3.0.0:beta1:*:*:*:ruby:*:*

Informations

Vendor

rack

Product

rack

Version

3.0.0

Update

beta1

Target Software

ruby

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-26141 2024-02-28 23h28 +00:00 Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.
7.5
Haute
CVE-2024-25126 2024-02-28 23h28 +00:00 Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.
7.5
Haute
CVE-2023-27530 2023-03-09 23h00 +00:00 A DoS vulnerability exists in Rack
7.5
Haute
CVE-2022-44570 2023-02-08 23h00 +00:00 A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.
7.5
Haute