Known Vulnerabilities for products from Rack Project

Listed below are 18 of the newest known vulnerabilities associated with the vendor "Rack Project".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2023-27530 json A DoS vulnerability exists in Rack 7.5 - HIGH 2023-03-10 2023-12-08
CVE-2022-44572 json A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 c... 7.5 - HIGH 2023-02-09 2023-12-08
CVE-2022-44571 json There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2... 7.5 - HIGH 2023-02-09 2023-12-08
CVE-2022-44570 json A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause... 7.5 - HIGH 2023-02-09 2023-12-08
CVE-2022-30123 json A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escap... 10 - CRITICAL 2022-12-05 2023-12-08
CVE-2022-30122 json A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component ... 7.5 - HIGH 2022-12-05 2023-12-20
CVE-2020-8184 json A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that mak... 7.5 - HIGH 2020-06-19 2023-02-16
CVE-2020-8161 json A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability ... 8.6 - HIGH 2020-07-02 2023-02-02
CVE-2019-16782 json There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in v... 5.9 - MEDIUM 2019-12-18 2023-11-07
CVE-2018-16471 json There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returne... 6.1 - MEDIUM 2018-11-13 2023-11-07
CVE-2018-16470 json There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the ... 7.5 - HIGH 2018-11-13 2023-11-07
CVE-2015-3225 json lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, all... 5 - MEDIUM 2015-07-26 2018-10-30
CVE-2013-0263 json Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x befo... 5.1 - MEDIUM 2013-02-08 2023-02-13
CVE-2013-0262 json rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outsid... 4.3 - MEDIUM 2013-02-08 2023-02-13
CVE-2013-0184 json Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, ... 4.3 - MEDIUM 2013-03-01 2023-02-13
CVE-2013-0183 json multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (m... 5 - MEDIUM 2013-03-01 2023-02-13
CVE-2012-6109 json lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect ... 4.3 - MEDIUM 2013-03-01 2023-02-13
CVE-2011-5036 json Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting th... 5 - MEDIUM 2011-12-30 2013-10-31

Known software with vulnerabilities from Rack Project

Type Vendor Product Version
ApplicationRack ProjectRack0.1