Known Vulnerabilities for products from Rack Project
Listed below are 12 of the newest known vulnerabilities associated with the vendor "Rack Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search, so that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-8184 | A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that mak... | 7.5 - HIGH | 2020-06-19 | 2023-02-16 |
| CVE-2020-8161 | A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability ... | 8.6 - HIGH | 2020-07-02 | 2023-02-02 |
| CVE-2019-16782 | There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in v... | 5.9 - MEDIUM | 2019-12-18 | 2023-11-07 |
| CVE-2018-16471 | There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returne... | 6.1 - MEDIUM | 2018-11-13 | 2023-11-07 |
| CVE-2018-16470 | There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the ... | 7.5 - HIGH | 2018-11-13 | 2023-11-07 |
| CVE-2015-3225 | lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, all... | 5 - MEDIUM | 2015-07-26 | 2018-10-30 |
| CVE-2013-0263 | Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x befo... | 5.1 - MEDIUM | 2013-02-08 | 2023-02-13 |
| CVE-2013-0262 | rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outsid... | 4.3 - MEDIUM | 2013-02-08 | 2023-02-13 |
| CVE-2013-0184 | Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, ... | 4.3 - MEDIUM | 2013-03-01 | 2023-02-13 |
| CVE-2013-0183 | multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (m... | 5 - MEDIUM | 2013-03-01 | 2023-02-13 |
| CVE-2012-6109 | lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect ... | 4.3 - MEDIUM | 2013-03-01 | 2023-02-13 |
| CVE-2011-5036 | Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting th... | 5 - MEDIUM | 2011-12-30 | 2013-10-31 |
Known software with vulnerabilities from Rack Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Rack Project | Rack | 0.1 |