MGASA-2024-0123

Advisory lineage Upstream: 3 Downstream: 0
Published: 12 Apr 2024, 20:45
Last modified:16 Apr 2026, 04:22

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

12 Apr 2024, 20:45
Published
Vulnerability first disclosed
16 Apr 2026, 04:22
Last Modified
Vulnerability information updated

Description

Updated ruby-rack packages fix security vulnerabilities Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). (CVE-2024-25126) Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). (CVE-2024-26141) Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. (CVE-2024-26146)

Affected Systems

  • mageiaruby-rack

    < 2.2.8.1-1.mga9

References (2)