OESA-2025-1685

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1685

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-1685.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2025-1685

Upstream

CVE-2024-26146

Published

2025-06-27T13:16:41Z

Modified

2025-08-12T05:42:35.162303Z

Summary

rubygem-rack security update

Details

Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Security Fix(es):

Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.(CVE-2024-26146)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:22.03-LTS-SP3 / rubygem-rack

Package

Name: rubygem-rack
Purl: pkg:rpm/openEuler/rubygem-rack&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.3.1-8.oe2203sp3

Ecosystem specific

{
    "src": [
        "rubygem-rack-2.2.3.1-8.oe2203sp3.src.rpm"
    ],
    "noarch": [
        "rubygem-rack-2.2.3.1-8.oe2203sp3.noarch.rpm",
        "rubygem-rack-help-2.2.3.1-8.oe2203sp3.noarch.rpm"
    ]
}