GoogleOSV:DSA-5530-1

HistoryOct 22, 2023 - 12:00 a.m.

ruby-rack - security update

2023-10-2200:00:00

Google

osv.dev

ruby-rack

security

update

software

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.5%

JSON

Bulletin has no description

CPENameOperatorVersion
ruby-rackeq2.1.4-3

CPE	Name	Operator	Version
	ruby-rack	eq	2.1.4-3

debian

[SECURITY] [DSA 5530-1] ruby-rack security update

2023-10-22 12:35:21

[SECURITY] [DLA 3095-1] ruby-rack security update

2022-09-03 20:51:48

[SECURITY] [DLA 3392-1] ruby-rack security update

2023-04-17 14:31:02

nessus

Debian DSA-5530-1 : ruby-rack - security update

2023-10-22 00:00:00

FreeBSD : rack -- Multiple vulnerabilities (95176ba5-9796-11ed-bfbf-080027f5fec9)

2023-01-19 00:00:00

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Rack vulnerabilities (USN-5910-1)

2023-03-04 00:00:00

openvas

Debian: Security Advisory (DSA-5530-1)

2023-10-23 00:00:00

Mageia: Security Advisory (MGASA-2023-0106)

2023-03-28 00:00:00

Ubuntu: Security Advisory (USN-5910-1)

2023-03-03 00:00:00

redos

ROS-20240403-12

2024-04-03 00:00:00

ROS-20220706-02

2022-07-06 00:00:00

ROS-20240404-10

2024-04-04 00:00:00

mageia

Updated ruby-rack packages fix security vulnerability

2023-03-24 08:55:49

Updated ruby-rack packages fix security vulnerability

2022-07-05 22:11:26

Updated ruby-rack fixes a vulnerability and some bugs

2024-02-19 20:35:05

osv

ruby-rack vulnerabilities

2023-03-02 17:43:56

Moderate: pcs security and bug fix update

2023-05-18 19:18:23

ruby-rack - security update

2023-04-17 00:00:00

ubuntu

Rack vulnerabilities

2023-03-02 00:00:00

Rack vulnerabilities

2023-02-27 00:00:00

Rack vulnerabilities

2022-12-13 00:00:00

freebsd

rack -- Multiple vulnerabilities

2023-01-17 00:00:00

rack -- possible denial of service vulnerability in header parsing

2023-03-13 00:00:00

rack -- possible DoS vulnerability in multipart MIME parsing

2023-03-03 00:00:00

oraclelinux

pcs security update

2023-05-29 00:00:00

pcs security update

2023-07-20 00:00:00

pcs security update

2022-11-03 00:00:00

amazon

Important: pcs

2022-12-01 20:31:00

Medium: pcs

2023-04-27 18:36:00

redhat

(RHSA-2023:3403) Moderate: pcs security and bug fix update

2023-05-31 15:30:50

(RHSA-2023:1981) Moderate: pcs security and bug fix update

2023-04-25 09:58:19

(RHSA-2023:1961) Moderate: pcs security and bug fix update

2023-04-25 08:12:36

suse

Security update for rubygem-rack (critical)

2022-06-27 00:00:00

gentoo

Rack: Multiple Vulnerabilities

2023-10-30 00:00:00

almalinux

Moderate: pcs security and bug fix update

2023-05-16 00:00:00

Important: pcs security and bug fix update

2023-05-09 00:00:00

rocky

pcs security and bug fix update

2023-05-18 19:18:23

pcs security and bug fix update

2023-05-25 19:53:02

Satellite 6.14 security and bug fix update

2023-11-11 22:58:57

hackerone

Internet Bug Bounty: [CVE-2022-44570] Possible Denial of Service Vulnerability in Rack’s Range header parsing

2023-06-04 07:06:53

Ruby on Rails: Escape Sequence Injection vulnerability in Rack

2021-11-29 12:44:26

Internet Bug Bounty: [CVE-2022-44572] Possible Denial of Service Vulnerability in Rack’s RFC2183 boundary parsing

2023-06-04 07:40:02

prion

Denial of service

2023-02-09 20:15:00

Denial of service

2023-02-09 20:15:00

Denial of service

2023-02-09 20:15:00

debiancve

CVE-2022-44571

2023-02-09 20:15:11

CVE-2022-44572

2023-02-09 20:15:11

CVE-2022-44570

2023-02-09 20:15:11

nvd

CVE-2022-44570

2023-02-09 20:15:11

CVE-2022-44571

2023-02-09 20:15:11

CVE-2022-30123

2022-12-05 22:15:10

cvelist

CVE-2022-44570

2023-02-09 00:00:00

CVE-2022-44572

2023-02-09 00:00:00

CVE-2022-44571

2023-02-09 00:00:00

veracode

Regular Expression Denial Of Service (ReDoS)

2023-01-19 02:08:09

Regular Expression Denial Of Service (ReDoS)

2023-01-25 03:22:15

Regular Expression Denial Of Service (ReDoS)

2023-03-17 02:16:44

redhatcve

CVE-2022-44571

2023-01-26 10:01:14

CVE-2022-30122

2022-06-21 08:00:04

CVE-2022-44572

2023-01-26 10:06:11

github

Possible shell escape sequence injection vulnerability in Rack

2022-05-27 16:36:51

Denial of service via multipart parsing in Rack

2023-01-18 18:19:21

Denial of service via header parsing in Rack

2023-01-18 18:19:33

cve

CVE-2022-44571

2023-02-09 20:15:11

CVE-2022-44572

2023-02-09 20:15:11

CVE-2022-44570

2023-02-09 20:15:11

ubuntucve

CVE-2022-44572

2023-02-09 00:00:00

CVE-2022-44570

2023-02-09 00:00:00

CVE-2022-30122

2022-12-05 00:00:00

rubygems

Denial of service via header parsing in Rack

2023-01-17 21:00:00

Denial of service via multipart parsing in Rack

2023-01-17 21:00:00

Denial of Service Vulnerability in Rack Content-Disposition parsing

2023-01-17 21:00:00

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.5%

JSON

Related for OSV:DSA-5530-1