CVE-2022-44570 – rubygem-rack: denial of service in Content-Disposition parsing
https://notcve.org/view.php?id=CVE-2022-44570
A denial of service vulnerability exists in the Range header parsing component of Rack >= 1.5.0. Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted. A flaw was found in rubygem-rack. Rack is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in the Rack::Utils.get_byte_ranges function.
• https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125
• https://security.netapp.com/advisory/ntap-20231208-0010
• https://www.debian.org/security/2023/dsa-5530
• https://access.redhat.com/security/cve/CVE-2022-44570
• https://bugzilla.redhat.com/show_bug.cgi?id=2164719
• CWE-400: Uncontrolled Resource Consumption
• CWE-1333: Inefficient Regular Expression Complexity
CVE-2022-30123 – rubygem-rack: crafted requests can cause shell escape sequences
https://notcve.org/view.php?id=CVE-2022-30123
A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow a possible shell escape in the Lint and CommonLogger components of Rack. A flaw was found in rubygem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via Rack's `Lint` middleware and `CommonLogger` middleware. These escape sequences can be leveraged to execute commands in the victim's terminal.
• https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728
• https://security.gentoo.org/glsa/202310-18
• https://security.netapp.com/advisory/ntap-20231208-0011
• https://www.debian.org/security/2023/dsa-5530
• https://access.redhat.com/security/cve/CVE-2022-30123
• https://bugzilla.redhat.com/show_bug.cgi?id=2099524
• CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences
• CWE-179: Incorrect Behavior Order: Early Validation
CVE-2022-30122 – rubygem-rack: crafted multipart POST request may cause a DoS
https://notcve.org/view.php?id=CVE-2022-30122
A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a denial of service.
• https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729
• https://security.gentoo.org/glsa/202310-18
• https://security.netapp.com/advisory/ntap-20231208-0012
• https://www.debian.org/security/2023/dsa-5530
• https://access.redhat.com/security/cve/CVE-2022-30122
• https://bugzilla.redhat.com/show_bug.cgi?id=2099519
• CWE-400: Uncontrolled Resource Consumption
• CWE-770: Allocation of Resources Without Limits or Throttling
• CWE-1333: Inefficient Regular Expression Complexity
CVE-2020-8161 – rubygem-rack: directory traversal in Rack::Directory
https://notcve.org/view.php?id=CVE-2020-8161
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker to perform directory traversal in the Rack::Directory app that is bundled with Rack, which could result in information disclosure. A directory traversal vulnerability was found in the Rack::Directory app that is bundled with Rack. If certain directories exist in a directory managed by Rack::Directory, this flaw allows an attacker to read the contents of files on the server outside of the root specified in the Rack::Directory initializer. The highest threat from this vulnerability is to confidentiality.
• https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA
• https://hackerone.com/reports/434404
• https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html
• https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html
• https://usn.ubuntu.com/4561-1
• https://access.redhat.com/security/cve/CVE-2020-8161
• https://bugzilla.redhat.com/show_bug.cgi?id=1838281
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-548: Exposure of Information Through Directory Listing
CVE-2020-8184 – rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names
https://notcve.org/view.php?id=CVE-2020-8184
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix. A flaw was found in rubygem-rack. An attacker may be able to trick a vulnerable application into processing an insecure (non-SSL) or cross-origin request if they can gain the ability to write arbitrary cookies that are sent to the application. The highest threat from this vulnerability is to data integrity.
• https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
• https://hackerone.com/reports/895727
• https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html
• https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html
• https://usn.ubuntu.com/4561-1
• https://access.redhat.com/security/cve/CVE-2020-8184
• https://bugzilla.redhat.com/show_bug.cgi?id=1849141
• CWE-20: Improper Input Validation
• CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision
• CWE-807: Reliance on Untrusted Inputs in a Security Decision