Vulnerabilities in rack

37 results
| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2024-25126 | MEDIUM | Rack ReDos in content type parsing (2nd degree polynomial) | 35.4% |
| CVE-2019-16782 | MEDIUM | Possible Information Leak / Session Hijack Vulnerability in Rack | 3.7% |
| CVE-2018-16470 | | There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parse | 2.0% |
| CVE-2024-26146 | MEDIUM | Possible Denial of Service Vulnerability in Rack Header Parsing | 2.0% |
| CVE-2018-16471 | | There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `schem | 1.8% |
| CVE-2024-26141 | MEDIUM | Possible DoS Vulnerability with Range Header in Rack | 1.6% |
| CVE-2025-25184 | MEDIUM | Possible Log Injection in Rack::CommonLogger | 1.1% |
| CVE-2025-27610 | HIGH | Local File Inclusion in Rack::Static | 1.1% |
| CVE-2025-46727 | HIGH | Unbounded-Parameter DoS in Rack::QueryParser | 0.9% |
| CVE-2024-39316 | MEDIUM | Rack ReDoS Vulnerability in HTTP Accept Headers Parsing | 0.9% |
| CVE-2025-61772 | HIGH | Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion) | 0.8% |
| CVE-2025-61770 | HIGH | Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) | 0.8% |
| CVE-2025-27111 | MEDIUM | Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection | 0.7% |
| CVE-2024-35231 | HIGH | rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter | 0.7% |
| CVE-2025-61919 | HIGH | Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing | 0.6% |
| CVE-2026-22860 | HIGH | Rack has a Directory Traversal via Rack:Directory | 0.6% |
| CVE-2025-59830 | HIGH | Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters | 0.5% |
| CVE-2025-61771 | HIGH | Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion) | 0.5% |
| CVE-2025-49007 | MEDIUM | ReDoS Vulnerability in Rack::Multipart handle_mime_head | 0.5% |
| CVE-2025-61780 | MEDIUM | Rack has Possible Information Disclosure Vulnerability | 0.4% |