Severity | Score | CVE | Advisory title | Affected versions
CRITICAL | 10.0 | CVE-2022-30123 | Possible shell escape sequence injection vulnerability in Rack | from 0, < 2.0.9.1; from 0, < 2.1.3
HIGH | 7.5 | CVE-2026-34829 | Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads | from 0, < 2.2.23
HIGH | 7.5 | — | Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header | from 0, < 2.2.23
HIGH | 7.5 | — | Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters | >= 3.0.0.beta1, < 3.1.21
HIGH | 7.5 | — | Rack::Static prefix matching can expose unintended files under the static root | from 0, < 2.2.23
HIGH | 7.5 | — | ruby-rack - security update | from 0, < 2.2.22
HIGH | 7.5 | — | Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing | from 0, < 2.2.20
HIGH | 7.5 | — | Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion) | from 0, < 2.2.19
HIGH | 7.5 | — | Rack: Multipart parser buffers large non-file fields entirely in memory, enabling DoS (memory exhaustion) | from 0, < 2.2.19
HIGH | 7.5 | — | ruby-rack - security update | from 0, < 2.2.19
HIGH | 7.5 | — | Rack has an unsafe default in Rack::QueryParser that allows params_limit bypass via semicolon-separated parameters | from 0, < 2.2.18
HIGH | 7.5 | — | Rack has an Unbounded-Parameter DoS in Rack::QueryParser | from 0, < 2.2.14
HIGH | 7.5 | — | Local File Inclusion in Rack::Static | from 0, < 2.2.13
HIGH | 7.5 | — | Escape Sequence Injection vulnerability in Rack leads to Possible Log Injection | from 0, < 2.2.12
HIGH | 7.5 | — | Rack has possible DoS Vulnerability with Range Header | >= 3.0.0, < 3.0.9.1
HIGH | 7.5 | — | Rack Header Parsing leads to Possible Denial of Service Vulnerability | >= 3.0.0, < 3.0.9.1
HIGH | 7.5 | — | ruby-rack - security update | from 0, < 2.0.9.3
HIGH | 7.5 | — | Denial of Service Vulnerability in Rack Content-Disposition parsing | >= 2.0.0, < 2.0.9.2
HIGH | 7.5 | — | Denial of service via header parsing in Rack | >= 1.5.0, < 2.0.9.2
HIGH | 7.5 | — | Denial of service via multipart parsing in Rack | >= 2.0.0, < 2.0.9.2
HIGH | 7.5 | — | ruby-rack - security update | >= 1.2, < 2.0.9.1
HIGH | 7.5 | — | Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names | from 0, < 2.1.4
HIGH | 7.5 | — | Rack vulnerable to Denial of Service | >= 2.0.4, < 2.0.6
MEDIUM | 6.5 | — | ruby-rack - security update | from 0, < 2.2.11
MEDIUM | 6.5 | — | Rack ReDoS Vulnerability in HTTP Accept Headers Parsing | >= 3.1.0, < 3.1.5
MEDIUM | 6.3 | — | Possible Information Leak / Session Hijack Vulnerability in Rack | from 0, < 1.6.12
MEDIUM | 6.1 | — | ruby-rack - security update | >= 2.0.0, < 2.0.6
MEDIUM | 5.9 | — | Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect | from 0, < 2.2.23
MEDIUM | 5.8 | — | Rack has a Possible Information Disclosure Vulnerability | from 0, < 2.2.20
MEDIUM | 5.4 | — | Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href | from 0, < 2.2.22
MEDIUM | 5.3 | — | Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory | from 0, < 2.2.23
MEDIUM | 5.3 | — | Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass | from 0, < 2.2.23
MEDIUM | 5.3 | — | Rack's multipart byte range processing allows denial of service via excessive overlapping ranges | from 0, < 2.2.23
MEDIUM | 5.3 | — | Rack::Static header_rules bypass via URL-encoded paths | from 0, < 2.2.23
MEDIUM | 5.3 | — | ReDoS Vulnerability in Rack::Multipart handle_mime_head | >= 3.1.0, < 3.1.16
MEDIUM | 5.3 | — | ruby-rack - security update | >= 3.0.0, < 3.0.9.1
MEDIUM | 5.3 | — | Possible Denial of Service Vulnerability in Rack's header parsing | >= 2.0.0, < 2.2.6.4
MEDIUM | 4.8 | — | Rack::Request accepts invalid Host characters, enabling host allowlist bypass | >= 3.0.0.beta1, < 3.1.21
MEDIUM | 4.8 | — | Rack has Content-Length mismatch in Rack::Files error responses | from 0, < 2.2.23
MEDIUM | 4.8 | — | Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing | >= 3.0.0.beta1, < 3.1.21
MEDIUM | 4.8 | — | Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values | >= 3.2.0, < 3.2.6
MEDIUM | 4.2 | — | ruby-rack - security update | from 0, < 2.2.14
— | — | — | librack-ruby - several | from 0, < 1.1.3
— | — | — | Rack arbitrary code execution via timing attack | >= 1.5.0, < 1.5.2
— | — | — | Rack vulnerable to Denial of Service | >= 1.1.0, < 1.1.5
— | — | — | Rack vulnerable to ReDoS | from 0, < 1.1.4
— | — | — | Rack Vulnerable to Path Traversal | >= 1.5.0, < 1.5.2
— | — | — | Rack rubygems receiving excessively long lines triggers out-of-memory error | >= 1.3.0, < 1.3.8
— | — | — | ruby-rack - security update | >= 1.5.0, < 1.5.4