rack is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. The vulnerability is in the library's Range header parsing component, where an attacker can significantly slow down processing by passing carefully crafted input.
discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125
github.com/advisories/GHSA-65f5-mfpf-vfhj
github.com/rack/rack/commit/52721ae0b730e3920ad5375dfd5a3ea9b4f9e359
github.com/rack/rack/commit/7a9d76a7850455a5ef9403203ea757ed110e7806
github.com/rack/rack/commit/f66ef5c8255dcea82c1b2665fc9ab948b76bb437
github.com/rack/rack/commit/f6d4f528f2df1318a6612845db0b59adc7fe8fc1
github.com/rack/rack/releases/tag/v2.0.9.2
github.com/rack/rack/releases/tag/v2.1.4.2
github.com/rack/rack/releases/tag/v2.2.6.2
github.com/rack/rack/releases/tag/v3.0.4.1
security.netapp.com/advisory/ntap-20231208-0010/
www.debian.org/security/2023/dsa-5530