CVE-2024-39316 – Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
https://notcve.org/view.php?id=CVE-2024-39316
Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the `Rack::Request::Helpers` module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted `Accept-Encoding` or `Accept-Language` headers, causing the server to spend excessive time processing the request and leading to a Denial of Service (DoS). The fix for CVE-2024-26146 was not applied to the main branch, so while the issue was fixed for the Rack v3.0 release series, it was not fixed in the v3.1 release series until v3.1.5. Users of versions on the 3.1 branch should upgrade to version 3.1.5 to receive the fix.
References:
https://github.com/rack/rack/commit/412c980450ca729ee37f90a2661f166a9665e058
https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f
https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7
Weakness: CWE-1333: Inefficient Regular Expression Complexity
CVE-2024-35231 – rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
https://notcve.org/view.php?id=CVE-2024-35231
rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service because the user-controlled data `profiler_runs` was not constrained by any limit. This allows resources to be allocated on the server side without limit, enabling a potential denial of service driven by remotely user-controlled data. Version 2.5.0 contains a patch for the issue.
References:
https://github.com/rack/rack-contrib/commit/0eec2a9836329051c6742549e65a94a4c24fe6f7
https://github.com/rack/rack-contrib/security/advisories/GHSA-8c8q-2xw3-j869
Weakness: CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2024-26141 – Possible DoS Vulnerability with Range Header in Rack
https://notcve.org/view.php?id=CVE-2024-26141
Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.
References:
https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944
https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9
https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b
https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml
https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html
https://security.netapp.com/advisory/ntap-2024051
Weaknesses: CWE-400: Uncontrolled Resource Consumption; CWE-1333: Inefficient Regular Expression Complexity
CVE-2024-25126 – Rack ReDos in content type parsing (2nd degree polynomial)
https://notcve.org/view.php?id=CVE-2024-25126
Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDoS, 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.
References:
https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941
https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462
https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49
https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml
https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html
https://security.netapp.com/advisory/ntap
Weakness: CWE-1333: Inefficient Regular Expression Complexity
CVE-2024-26146 – Possible Denial of Service Vulnerability in Rack Header Parsing
https://notcve.org/view.php?id=CVE-2024-26146
Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.
References:
https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942
https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716
https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582
https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f
https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd
https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ra
Weakness: CWE-1333: Inefficient Regular Expression Complexity