10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
0.005 Low
EPSS
Percentile
75.5%
The Rubygem Rack web application development interface vulnerability is related to incorrect input validation
when processing data transmitted through the Rack Lint middleware and CommonLogger middleware.
Exploitation of the vulnerability could allow an attacker acting remotely to send specially
specially crafted data to an application and execute arbitrary OS commands on the target system
A vulnerability in the Rubygem Rack web application development interface is associated with insufficient validation of
data entered by the user when analyzing POST composite requests. Exploitation of the vulnerability could
allow an attacker acting remotely to send specially crafted composite POST requests to the application and execute an attack.
POST requests and execute a denial of service (DoS) attack
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | rubygem-rack | <= 2.0.8-3 | UNKNOWN |