MidnightBSD

Advisories for rack_project

CVE-2011-5036 MEDIUM

Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
rack_project rack 1.2.2
rack_project rack 1.3.3
rack_project rack *
rack_project rack 1.3.1
rack_project rack 1.3.2
rack_project rack 1.2.3
rack_project rack 1.3.4
rack_project rack 1.2.4
rack_project rack 1.2.1
rack_project rack 1.3.0
rack_project rack 1.3.5
rack_project rack 1.2.0
CVE-2012-6109 MEDIUM

lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
rack_project rack 1.2.2
rack_project rack 1.3.3
rack_project rack 1.0.0
rack_project rack 1.1.2
rack_project rack 1.3.2
rack_project rack 0.3
rack_project rack 0.1
rack_project rack 1.3.6
rack_project rack 1.2.4
rack_project rack 1.2.1
rack_project rack 1.1.0
rack_project rack 0.9.1
rack_project rack 1.2.0
rack_project rack *
rack_project rack 1.3.1
rack_project rack 0.4
rack_project rack 1.0.1
rack_project rack 1.2.3
rack_project rack 0.2
rack_project rack 0.9
rack_project rack 1.3.4
rack_project rack 1.4.0
rack_project rack 1.4.1
rack_project rack 1.3.0
rack_project rack 1.3.5
CVE-2013-0183 MEDIUM

multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
rack_project rack 1.4.0
rack_project rack 1.4.1
rack_project rack 1.3.6
rack_project rack 1.3.3
rack_project rack 1.3.1
rack_project rack 1.3.0
rack_project rack 1.3.2
rack_project rack 1.3.7
rack_project rack 1.4.2
rack_project rack 1.3.5
rack_project rack 1.3.4
CVE-2013-0184 MEDIUM

Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
rack_project rack 1.2.2
rack_project rack 1.4.3
rack_project rack 1.3.3
rack_project rack 1.3.1
rack_project rack 1.1.2
rack_project rack 1.2.6
rack_project rack 1.3.2
rack_project rack 1.2.3
rack_project rack 1.1.4
rack_project rack 1.4.2
rack_project rack 1.3.8
rack_project rack 1.3.4
rack_project rack 1.4.0
rack_project rack 1.4.1
rack_project rack 1.3.6
rack_project rack 1.2.4
rack_project rack 1.2.1
rack_project rack 1.3.0
rack_project rack 1.3.7
rack_project rack 1.1.0
rack_project rack 1.1.3
rack_project rack 1.3.5
rack_project rack 1.2.0
CVE-2013-0262 MEDIUM

rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
rack_project rack 1.4.3
rack_project rack 1.4.0
rack_project rack 1.4.1
rack_project rack 1.5.0
rack_project rack 1.5.1
rack_project rack 1.4.4
rack_project rack 1.4.2
CVE-2013-0263 MEDIUM

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
rack_project rack 1.2.2
rack_project rack 1.3.3
rack_project rack 1.5.1
rack_project rack 1.1.6
rack_project rack 1.2.6
rack_project rack 1.3.2
rack_project rack 1.1.4
rack_project rack 1.3.8
rack_project rack 1.3.9
rack_project rack 1.3.6
rack_project rack 1.2.4
rack_project rack 1.2.1
rack_project rack 1.1.0
rack_project rack 1.2.0
rack_project rack 1.4.3
rack_project rack 1.2.7
rack_project rack 1.3.1
rack_project rack 1.2.3
rack_project rack 1.1.5
rack_project rack 1.4.4
rack_project rack 1.4.2
rack_project rack 1.3.4
rack_project rack 1.4.0
rack_project rack 1.4.1
rack_project rack 1.5.0
rack_project rack 1.3.0
rack_project rack 1.3.7
rack_project rack 1.3.5
CVE-2015-3225 MEDIUM

lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
rack_project rack 1.6.1
debian debian_linux 8.0
rack_project rack *
opensuse opensuse 13.2
rack_project rack 1.6.0
opensuse opensuse 13.1
debian debian_linux 7.0
CVE-2018-16470 MEDIUM

There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
rack_project rack 2.0.4
rack_project rack 2.0.5
CVE-2018-16471 MEDIUM

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
debian debian_linux 8.0
rack_project rack *
CVE-2019-16782 MEDIUM

There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 1.8 4.0
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-208,CWE-203,

Products Affected

Vendor Product Version
fedoraproject fedora 31
opensuse leap 15.1
rack_project rack *
CVE-2020-8161 MEDIUM

A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-548,CWE-22,

Products Affected

Vendor Product Version
rack_project rack *
debian debian_linux 10.0
canonical ubuntu_linux 18.04
debian debian_linux 9.0
CVE-2020-8184 MEDIUM

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-784,CWE-20,

Products Affected

Vendor Product Version
rack_project rack *
debian debian_linux 10.0
canonical ubuntu_linux 18.04
debian debian_linux 9.0
CVE-2022-30122

A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.

Products Affected

Vendor Product Version
rack_project rack *
debian debian_linux 11.0
CVE-2022-30123

A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.

Products Affected

Vendor Product Version
rack_project rack *
debian debian_linux 11.0
CVE-2022-44570

A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
rack_project rack *
CVE-2022-44571

There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
rack_project rack *
CVE-2022-44572

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
rack_project rack *
CVE-2023-27530

A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
rack_project rack *
debian debian_linux 11.0
debian debian_linux 10.0