📦 Rack
by Rack
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability in Rack's Rack::Directory component allows attackers to bypass directory restrictions using path traversal techniques. By crafting requests like '/../root_example/', attackers can l...
This vulnerability in Rack's multipart parser allows remote attackers to cause denial of service by sending incomplete multipart headers that trigger unbounded memory accumulation. All Ruby web applic...
This vulnerability in Rack (Ruby web server interface) allows remote attackers to cause denial of service through memory exhaustion. By sending multipart/form-data requests with excessively large prea...
This vulnerability in Rack's query parser allows attackers to send HTTP requests with extremely large numbers of parameters, causing memory exhaustion and CPU resource consumption. This leads to denia...
This vulnerability in Rack's static file serving component allows attackers to bypass directory restrictions and access any file under the configured root directory using encoded path traversal sequen...
CVE-2025-27111 is a log injection vulnerability in Rack's Sendfile middleware that allows attackers to inject escape sequences (like newlines) via the X-Sendfile-Type header. This can corrupt log file...
This CVE describes a denial-of-service vulnerability in Rack's multipart MIME parsing code. Attackers can craft malicious requests that cause excessive processing time during multipart parsing, potent...
CVE-2022-44571 is a denial of service vulnerability in Rack's Content-Disposition header parser that allows attackers to craft malicious inputs causing excessive processing time. This affects virtuall...
This vulnerability allows cross-site scripting (XSS) attacks in Rack's directory listing feature. When Rack::Directory generates HTML directory indexes, it doesn't properly sanitize filenames starting...
This vulnerability allows attackers to bypass proxy-level access restrictions in Rack applications using Rack::Sendfile with certain proxy configurations. By sending crafted x-sendfile-type and x-acce...
CVE-2023-27539 is a denial-of-service vulnerability in Rack's header parsing component that allows attackers to cause excessive memory consumption by sending specially crafted HTTP headers. This affec...
This CVE describes a Regular Expression Denial of Service (ReDoS) vulnerability in Rack's HTTP Accept header parsing. Attackers can send specially crafted Accept-Encoding or Accept-Language headers to...