Rack Project : Security Vulnerabilities, CVEs, Published In 2013 (Denial of service)
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."
Max CVSS: 4.3 | EPSS Score: 1.28% | Published: 2013-03-01 | Updated: 2023-02-13
multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
Max CVSS: 5.0 | EPSS Score: 4.90% | Published: 2013-03-01 | Updated: 2023-02-13
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header.
Max CVSS: 4.3 | EPSS Score: 1.22% | Published: 2013-03-01 | Updated: 2023-02-13
3 vulnerabilities found