CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-16471
https://notcve.org/view.php?id=CVE-2018-16471
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable. Hay una posible vulnerabilidad Cross-Site Scripting (XSS) en Rack en versiones anteriores a la 2.0.6 y la 1.6.11. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html https://groups.google.com/forum/#%21topic/rubyonrails-security/GKsAFT924Ag https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html https://usn.ubuntu.com/4089-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-16470 – rubygem-rack: Buffer size in multipart parser allows for denial of service
https://notcve.org/view.php?id=CVE-2018-16470
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size. Hay una posible vulnerabilidad de denegación de servicio (DoS) en el analizador multiparte en Rack en versiones anteriores a la 2.0.6. Las peticiones especialmente manipuladas pueden provocar que el analizador multiparte entre en estado patológico, haciendo que emplee una cantidad de recursos de CPU desproporcionada al tamaño de la petición. • https://access.redhat.com/errata/RHSA-2019:3172 https://groups.google.com/forum/#%21msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ https://access.redhat.com/security/cve/CVE-2018-16470 https://bugzilla.redhat.com/show_bug.cgi?id=1646814 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-11173
https://notcve.org/view.php?id=CVE-2017-11173
Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed. La falta de anclaje en la expresión regular (regex) generada para rack-cors anterior a versión 0.4.1 permite que un sitio de terceros malicioso realice peticiones CORS. Si la configuración estuviera destinada a permitir solo el nombre de dominio de confianza example.com y no el nombre de dominio malicioso example.net, entonces, podría ser permitido inadvertidamente example.com.example.net (así como example.com-example.net). • http://seclists.org/fulldisclosure/2017/Jul/22 http://www.debian.org/security/2017/dsa-3931 https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6 https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html •
CVSS: 5.0EPSS: 6%CPEs: 7EXPL: 0CVE-2015-3225 – rubygem-rack: Potential Denial of Service Vulnerability in Rack normalize_params()
https://notcve.org/view.php?id=CVE-2015-3225
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth. Vulnerabilidad en lib/rack/utils.rb en Rack en versiones anteriores a 1.5.4 y 1.6.x anteriores a 1.6.2, tal como se utiliza con Ruby on Rails en versiones 3.x y 4.x y en otros productos, permite a atacantes remotos provocar una denegación de servicio (SystemStackError) a través de una solicitud con un parámetro de gran tamaño. A flaw was found in a way Rack processed parameters of incoming requests. An attacker could use this flaw to send a crafted request that would cause an application using Rack to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html http://openwall.com/lists/oss-security/2015/06/16/14 http://rhn.redhat.com/errata/RHSA-2015-2290.html http://www.debian.org/security&#x • CWE-19: Data Processing Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 1%CPEs: 25EXPL: 0CVE-2012-6109 – rubygem-rack: parsing Content-Disposition header DoS
https://notcve.org/view.php?id=CVE-2012-6109
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header. lib/rack/multipart.rb en Rack anterior a v1.1.4 anterior a v1.1.5, v1.2.x anterior a v1.2.6, v1.3.x anterior a v1.3.7, y v1.4.x anterior a v1.4.2, emplea incorrectamente las expresiones regulares lo que permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una cabecera manipulada del tipo Content-Disposion. • http://rack.github.com http://rhn.redhat.com/errata/RHSA-2013-0544.html http://rhn.redhat.com/errata/RHSA-2013-0548.html https://bugzilla.redhat.com/show_bug.cgi?id=895277 https://github.com/rack/rack/blob/master/README.rdoc https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5 https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ https://access.redhat.com/security/cve/CVE-2012-6109 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •