FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f0798a6a-bbdb-11ed-ba99-080027f5fec9rack -- possible DoS vulnerability in multipart MIME parsing

Aaron Patterson reports:

The Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected.


Discovery 2023-03-03
Entry 2023-03-06
rubygem-rack
< 3.0.4.2,3

rubygem-rack22
< 2.2.6.3,3

rubygem-rack16
< 1.6.14

CVE-2023-27530
https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388
2fdb053c-ca25-11ed-9d7e-080027f5fec9rack -- possible denial of service vulnerability in header parsing

ooooooo_q reports:

Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted.


Discovery 2023-03-13
Entry 2023-03-24
rubygem-rack
< 3.0.6.1,3

rubygem-rack22
< 2.2.6.6,3

rubygem-rack16
< 1.6.14

CVE-2023-27539
https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
95176ba5-9796-11ed-bfbf-080027f5fec9rack -- Multiple vulnerabilities

Aaron Patterson reports:

CVE-2022-44570
Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.
CVE-2022-44571
Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.
CVE-2022-44572
Carefully crafted input can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

Discovery 2023-01-17
Entry 2023-01-19
rubygem-rack
< 3.0.4.1,3

rubygem-rack22
< 2.2.6.2,3

rubygem-rack16
< 1.6.14

CVE-2022-44570
CVE-2022-44571
CVE-2022-44572
https://github.com/rack/rack/blob/v3.0.4.1/CHANGELOG.md
https://github.com/advisories/GHSA-65f5-mfpf-vfhj
https://github.com/advisories/GHSA-93pm-5p5f-3ghx
https://github.com/advisories/GHSA-rqv2-275x-2jq5