FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
95176ba5-9796-11ed-bfbf-080027f5fec9	rack -- Multiple vulnerabilities Aaron Patterson reports: CVE-2022-44570 Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted. CVE-2022-44571 Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. CVE-2022-44572 Carefully crafted input can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Discovery 2023-01-17 Entry 2023-01-19 rubygem-rack < 3.0.4.1,3 rubygem-rack22 < 2.2.6.2,3 rubygem-rack16 < 1.6.14 CVE-2022-44570 CVE-2022-44571 CVE-2022-44572 https://github.com/rack/rack/blob/v3.0.4.1/CHANGELOG.md https://github.com/advisories/GHSA-65f5-mfpf-vfhj https://github.com/advisories/GHSA-93pm-5p5f-3ghx https://github.com/advisories/GHSA-rqv2-275x-2jq5

VuXML ID

Description

95176ba5-9796-11ed-bfbf-080027f5fec9

rack -- Multiple vulnerabilities

Aaron Patterson reports:

CVE-2022-44570

Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.

CVE-2022-44571

Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

CVE-2022-44572

Carefully crafted input can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

Discovery 2023-01-17
Entry 2023-01-19
rubygem-rack

< 3.0.4.1,3

rubygem-rack22

< 2.2.6.2,3

rubygem-rack16

< 1.6.14

CVE-2022-44570
CVE-2022-44571
CVE-2022-44572
https://github.com/rack/rack/blob/v3.0.4.1/CHANGELOG.md
https://github.com/advisories/GHSA-65f5-mfpf-vfhj
https://github.com/advisories/GHSA-93pm-5p5f-3ghx
https://github.com/advisories/GHSA-rqv2-275x-2jq5