rack vulnerabilities

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call. Also see https://rack.github.io/.

Latest version: 2.0.6

Licenses detected

  • license: Unknown < 1.5.2, >= 0.1.0
  • license: MIT >= 1.5.2

Direct Vulnerabilities

Known vulnerabilities in the rack package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable versions | Snyk patch | Published |
|---|---|---|---|---|
| M | Denial of Service (DoS) | >=2.0.4, <2.0.6 | Not available | 06 Nov, 2018 |
| M | Cross-site Scripting (XSS) | <1.6.11,>=2.0.0, <2.0.6 | Not available | 06 Nov, 2018 |
| M | Denial of Service (DoS) | <1.6.1, >=1.6.0.beta,<1.5.3, >=1.5.0 | Not available | 02 Aug, 2017 |
| M | IP Spoofing | <1.6.0.beta, >=1.4.0 | Not available | 02 Aug, 2017 |
| M | Regular Expression Denial of Service (ReDoS) | >=1.3.0.beta,<1.3.4 | Not available | 02 Aug, 2017 |
| M | Denial of Service (DoS) | <1.3.0.beta | Not available | 02 Aug, 2017 |
| M | Denial of Service (DoS) | < 1.3.6, >= 1.3,< 1.2.5, >= 1.2,< 1.1.3 | Not available | 18 Oct, 2016 |
| M | Denial of Service (DoS) | < 1.6.2, >= 1.6,< 1.5.4, >= 1.5,< 1.4.6 | Not available | 18 Oct, 2016 |
| M | Arbitrary File Disclosure | < 1.5.2, >= 1.5,< 1.4.5 | Not available | 06 Feb, 2013 |
| M | Timing Attack | < 1.5.2, >= 1.5,< 1.4.5, >= 1.4,< 1.3.10, >= 1.3,< 1.2.8, >= 1.2,< 1.1.6 | Not available | 06 Feb, 2013 |
| M | Denial of Service (DoS) | < 1.4.4, >= 1.4,< 1.3.9, >= 1.3,< 1.2.7, >= 1.2,< 1.1.5 | Not available | 12 Jan, 2013 |
| M | Denial of Service (DoS) | < 1.4.3, >= 1.4,< 1.3.8 | Not available | 06 Jan, 2013 |
| M | Regular Expression Denial of Service (DoS) | < 1.4.2, >= 1.4,< 1.3.7, >= 1.3,< 1.2.6, >= 1.2,< 1.1.4 | Not available | 03 May, 2012 |