CVE-2024-26146

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-26146

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26146.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-26146

Aliases

Related

Published

2024-02-29T00:15:51Z

Modified

2024-09-11T06:12:45.376912Z

Summary

[none]

Details

Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.

References

Affected packages

Debian:11 / ruby-rack

Package

Name: ruby-rack
Purl: pkg:deb/debian/ruby-rack?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.4-3+deb11u2

Affected versions

2.*

2.1.4-3

2.1.4-3+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ruby-rack

Package

Name: ruby-rack
Purl: pkg:deb/debian/ruby-rack?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.6.4-1+deb12u1

Affected versions

2.*

2.2.6.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ruby-rack

Package

Name: ruby-rack
Purl: pkg:deb/debian/ruby-rack?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.7-1.1

Affected versions

2.*

2.2.6.4-1

2.2.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/rack/rack

Affected ranges

Type: GIT
Repo: https://github.com/rack/rack
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

30b8e39a578b25d4bdcc082c1c52c6f164b59716

Fixed

6c5d90bdcec0949f7ba06db62fb740dab394b582

Fixed

a227cd793778c7c3a827d32808058571569cda6f

Fixed

e4c117749ba24a66f8ec5a08eddf68deeb425ccd

Affected versions

0.*

0.1

0.2

0.3

1.*

1.0

1.1

1.2

1.2.1

1.3.0

1.3.0.beta

1.3.0.beta2

1.4.0

1.4.1

1.5.0

1.5.1

1.5.2

1.6.0

1.6.0.beta

1.6.0.beta2

2.*

2.0.0

2.0.0.alpha

2.0.0.rc1

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.9.1

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.4.1

2.2.0

2.2.3

2.2.3.1

2.2.4

3.*

3.0.0

3.0.0.beta1

3.0.0.rc1

v2.*

v2.0.9.2

v2.0.9.3

v2.1.4.2

v2.1.4.3

v2.2.1

v2.2.2

v2.2.5

v2.2.6

v2.2.6.1

v2.2.6.2

v2.2.6.3

v2.2.6.4

v2.2.7

v2.2.8

v3.*

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.4.1

v3.0.4.2

v3.0.5

v3.0.6

v3.0.6.1

v3.0.7

v3.0.8

v3.0.9