Find, fix and prevent vulnerabilities in your code.

Overview

json is a JSON implementation as a Ruby extension in C.

Affected versions of this package are vulnerable to Out-of-bounds Read in the json_string_unescape() function in parser.c. An attacker can cause a crash by supplying a JSON object containing malicious unicode escape sequences, like "\u1zzz".

Remediation

Upgrade json to version 2.10.2 or higher.

References

• GitHub Commit
• GitHub Commit
• GitHub Release

Overview

rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Rack::QueryParser. An attacker can exhaust memory and CPU by sending HTTP requests containing an excessively large number of &-separated query parameters.

Workaround

This vulnerability can be avoided by any means that limits the length of incoming raw strings or application/x-www-form-urlencoded data, including application-level limitation or employing middleware.

Remediation

Upgrade rack to version 2.2.14, 3.0.16, 3.1.14 or higher.

References

• GitHub Commit
• GitHub Commit
• GitHub Commit

Overview

rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the Content-Disposition header parsing. An attacker can cause the server to consume excessive resources and potentially crash by sending specially crafted requests that exploit this inefficiency.

Remediation

Upgrade rack to version 3.1.16 or higher.

References

• GitHub Commit
• GitHub Commit

Overview

rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Rack::Multipart::Parser. An attacker can exhaust system memory and cause process termination or severe slowdown by sending multipart requests with headers that never terminate, leading to unbounded memory allocation.

Workaround

This vulnerability can be mitigated by restricting maximum request sizes at the proxy or web server layer, such as configuring Nginx with client_max_body_size.

Remediation

Upgrade rack to version 2.2.19, 3.1.17, 3.2.2 or higher.

References

• GitHub Commit
• GitHub Commit
• GitHub Commit

Overview

rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Rack::Multipart::Parser. An attacker can exhaust system memory by sending multipart form submissions with excessively large non-file fields, leading to process crashes or degraded performance due to memory exhaustion and increased garbage collection overhead.

Workaround

This vulnerability can be mitigated by restricting the maximum request body size at the web-server or proxy layer (such as configuring Nginx client_max_body_size) and by validating and rejecting unusually large form fields at the application level.

Remediation

Upgrade rack to version 2.2.19, 3.1.17, 3.2.2 or higher.

References

• GitHub Commit
• GitHub Commit
• GitHub Commit

Overview

rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Rack::Multipart::Parser. An attacker can cause excessive memory consumption and potential process termination by sending multipart/form-data requests with a large preamble, leading to significant memory spikes and possible denial of service. The impact increases with higher allowed request sizes and concurrency.

Workaround

This vulnerability can be mitigated by limiting the total request body size at the proxy or web server level and by monitoring memory usage and setting per-process memory limits to prevent out-of-memory conditions.

Remediation

Upgrade rack to version 2.2.19, 3.1.17, 3.2.2 or higher.

References

• GitHub Commit
• GitHub Commit
• GitHub Commit

Overview

rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Rack::Request#POST process. An attacker can exhaust system memory by sending large application/x-www-form-urlencoded request bodies, causing application slowdowns or termination by the operating system due to out-of-memory conditions. This occurs before any parameter parsing or configured parsing limits are enforced, allowing unbounded memory allocation proportional to the request size and concurrency.

Workaround

This vulnerability can be mitigated by enforcing strict maximum body size at the proxy or web server layer, such as configuring Nginx client_max_body_size or Apache LimitRequestBody.

Remediation

Upgrade rack to version 3.2.3, 3.1.18, 2.2.20 or higher.

References

• GitHub Commit
• GitHub Commit
• GitHub Commit

Overview

rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Affected versions of this package are vulnerable to Relative Path Traversal in the can_serve() function in Rack::Static that enables local file inclusion. An attacker who knows the exact path to any file in the root: file directory can access it by supplying a path traversing pathname.

Remediation

Upgrade rack to version 2.2.13, 3.0.14, 3.1.12 or higher.

References

• GitHub Commit
• GitHub Commit

Overview

Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the ResponseReader class. An attacker can cause the application to allocate excessive memory and trigger a denial of service by including "literal" strings in responses sent to client-initiated connections and IMAP commands.

After implementing the fix, the default max_response_size is still high (512MiB) to accommodate backward compatibility. It is recommended to set a lower max_response_size if connecting to untrusted servers or using insecure connections.

Remediation

Upgrade net-imap to version 0.2.5, 0.3.9, 0.4.20, 0.5.7 or higher.

References

• GitHub Commit
• GitHub PR
• GitHub PR
• GitHub PR
• GitHub PR
• Red Hat Bugzilla Bug

Overview

Affected versions of this package are vulnerable to OS Command Injection via the merge tool. An attacker can execute arbitrary commands by supplying crafted input that is improperly handled during the construction of commands.

Remediation

Upgrade thor to version 1.4.0 or higher.

References

• GitHub Commit
• GitHub PR