Known Vulnerabilities for Rack by Rack Project
Listed below are 10 of the newest known vulnerabilities associated with "Rack" by "Rack Project".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-8184 | A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that mak... | 7.5 - HIGH | 2020-06-19 | 2023-02-16 |
| CVE-2020-8161 | A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability ... | 8.6 - HIGH | 2020-07-02 | 2023-02-02 |
| CVE-2019-16782 | There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in v... | 5.9 - MEDIUM | 2019-12-18 | 2023-11-07 |
| CVE-2018-16471 | There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returne... | 6.1 - MEDIUM | 2018-11-13 | 2023-11-07 |
| CVE-2018-16470 | There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the ... | 7.5 - HIGH | 2018-11-13 | 2023-11-07 |
| CVE-2015-3225 | lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, all... | 5 - MEDIUM | 2015-07-26 | 2018-10-30 |
| CVE-2013-0263 | Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x befo... | 5.1 - MEDIUM | 2013-02-08 | 2023-02-13 |
| CVE-2013-0262 | rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outsid... | 4.3 - MEDIUM | 2013-02-08 | 2023-02-13 |
| CVE-2013-0184 | Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, ... | 4.3 - MEDIUM | 2013-03-01 | 2023-02-13 |
| CVE-2013-0183 | multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (m... | 5 - MEDIUM | 2013-03-01 | 2023-02-13 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rack Project | Rack | 2.2.3 | All | All | All |
| Application | Rack Project | Rack | 2.2.2 | All | All | All |
| Application | Rack Project | Rack | 2.2.1 | All | All | All |
| Application | Rack Project | Rack | 2.2.0 | All | All | All |
| Application | Rack Project | Rack | 2.1.4 | All | All | All |
| Application | Rack Project | Rack | 2.1.3 | All | All | All |
| Application | Rack Project | Rack | 2.1.2 | All | All | All |
| Application | Rack Project | Rack | 2.1.1 | All | All | All |
| Application | Rack Project | Rack | 2.1.0 | All | All | All |
| Application | Rack Project | Rack | 2.0.9 | All | All | All |
| Application | Rack Project | Rack | 2.0.8 | All | All | All |
| Application | Rack Project | Rack | 2.0.7 | All | All | All |
| Application | Rack Project | Rack | 2.0.6 | All | All | All |
| Application | Rack Project | Rack | 2.0.5 | All | All | All |
| Application | Rack Project | Rack | 2.0.4 | All | All | All |
| Application | Rack Project | Rack | 2.0.3 | All | All | All |
| Application | Rack Project | Rack | 2.0.2 | All | All | All |
| Application | Rack Project | Rack | 2.0.1 | All | All | All |
| Application | Rack Project | Rack | 2.0.0 | rc1 | All | All |