| CVE-2026-34829 | high | — | 8.0 | 2mo ago | Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads |
| CVE-2026-34827 | high | — | 8.0 | 2mo ago | Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters |
| CVE-2026-34785 | high | — | 8.0 | 2mo ago | Rack::Static prefix matching can expose unintended files under the static root |
| CVE-2026-34230 | high | — | 8.0 | 2mo ago | Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header |
| CVE-2025-61919 | high | — | 8.0 | 8mo ago | Important: pcs security update |
| CVE-2025-61770 | high | — | 8.0 | 8mo ago | Important: pcs security update |
| CVE-2025-61772 | high | — | 8.0 | 8mo ago | Important: pcs security update |
| CVE-2025-61771 | high | — | 8.0 | 8mo ago | Important: pcs security update |
| CVE-2025-59830 | high | — | 8.0 | 8mo ago | Important: pcs security update |
| CVE-2025-46727 | high | — | 8.0 | 1y ago | Important: pcs security update |
| CVE-2022-44572 | high | — | 8.0 | 3y ago | A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker to craft input that can cause RFC2183 multipart boun… |
| CVE-2022-44571 | high | — | 8.0 | 3y ago | There is a denial of service vulnerability in the Content-Disposition parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cau… |
| CVE-2022-44570 | high | — | 8.0 | 3y ago | A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount o… |
| CVE-2026-34835 | medium | — | 5.5 | 2mo ago | Rack::Request accepts invalid Host characters, enabling host allowlist bypass |
| CVE-2026-26961 | medium | — | 5.5 | 2mo ago | Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass. |
| CVE-2026-26962 | medium | — | 5.5 | 2mo ago | Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values |
| CVE-2026-32762 | medium | — | 5.5 | 2mo ago | Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing |
| CVE-2026-34763 | medium | — | 5.5 | 2mo ago | Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory |
| CVE-2026-34786 | medium | — | 5.5 | 2mo ago | Rack::Static header_rules bypass via URL-encoded paths |
| CVE-2026-34826 | medium | — | 5.5 | 2mo ago | Rack's multipart byte range processing allows denial of service via excessive overlapping ranges |
| CVE-2026-34830 | medium | — | 5.5 | 2mo ago | Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect |
| CVE-2026-34831 | medium | — | 5.5 | 2mo ago | Rack has Content-Length mismatch in Rack::Files error responses |
| CVE-2025-25184 | medium | — | 5.5 | 1y ago | Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline character… |
| CVE-2024-25126 | medium | — | 5.5 | 2y ago | Moderate: pcs security update |
| CVE-2024-26141 | medium | — | 5.5 | 2y ago | Moderate: pcs security update |
| CVE-2024-26146 | medium | — | 5.5 | 2y ago | Moderate: pcs security update |
| CVE-2023-27539 | medium | — | 5.5 | 3y ago | Moderate: pcs security and bug fix update |
| CVE-2023-27530 | medium | — | 5.5 | 3y ago | Moderate: pcs security and bug fix update |
| CVE-2013-0263 | medium | — | 5.1 | 14y ago | Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privile… |
| CVE-2015-3225 | medium | — | 5.0 | 11y ago | lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a… |
| CVE-2013-0183 | medium | — | 5.0 | 14y ago | multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipar… |
| CVE-2011-5036 | medium | — | 5.0 | 15y ago | Rack Gem Subject to Denial of Service via Hash Collisions |
| CVE-2013-0262 | medium | — | 4.3 | 14y ago | rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable… |
| CVE-2013-0184 | medium | — | 4.3 | 14y ago | Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of servic… |
| CVE-2012-6109 | medium | — | 4.3 | 14y ago | lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of ser… |