Vulnerabilities in rack

37 results
CVE | Severity | Title | EPSS
CVE-2026-34230 | MEDIUM | Rack: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header | EPSS 0.4%
CVE-2026-34826 | MEDIUM | Rack: Unbounded Range Count in get_byte_ranges Enables DoS | EPSS 0.4%
CVE-2026-34827 | HIGH | Rack: Algorithmic-Complexity DoS in Rack::Multipart::Parser | EPSS 0.4%
CVE-2026-34785 | HIGH | Rack: Local file inclusion in `Rack::Static` via URL Prefix Matching | EPSS 0.3%
CVE-2026-34829 | HIGH | Rack: Denial of Service via Unbounded Multipart File Upload Without Content-Length | EPSS 0.3%
CVE-2025-46336 | MEDIUM | Rack session gets restored after deletion | EPSS 0.3%
CVE-2026-39324 | CRITICAL | Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization | EPSS 0.3%
CVE-2026-26961 | LOW | Rack: Multipart Boundary Parsing Ambiguity allowing WAF Bypass | EPSS 0.3%
CVE-2026-34763 | MEDIUM | Rack: Rack::Directory info disclosure and DoS via unescaped regex interpolation | EPSS 0.2%
CVE-2026-26962 | MEDIUM | Rack: Header injection in multipart requests | EPSS 0.2%
CVE-2026-25500 | MEDIUM | Rack's Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href | EPSS 0.2%
CVE-2026-34830 | MEDIUM | Rack: Rack::Sendfile regex injection via HTTP_X_ACCEL_MAPPING header allows arbitrary file reads through nginx | EPSS 0.2%
CVE-2026-34786 | MEDIUM | Rack: Rack::Static header_rules bypass via URL-encoded paths | EPSS 0.2%
CVE-2025-32441 | MEDIUM | Rack session gets restored after deletion | EPSS 0.2%
CVE-2026-34835 | MEDIUM | Rack: `Rack::Request` accepts invalid Host characters, enabling host allowlist bypass. | EPSS 0.2%
CVE-2026-32762 | MEDIUM | Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing | EPSS 0.2%
CVE-2026-34831 | MEDIUM | Rack: Content-Length mismatch in Rack::Files error responses | EPSS 0.1%