Vulnerabilities > Rack Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-05 | CVE-2022-30122 | A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. | 7.5 |
| 2022-12-05 | CVE-2022-30123 | A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. | 10.0 |
| 2020-07-02 | CVE-2020-8161 | Path Traversal vulnerability in multiple products A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure. | 8.6 |
| 2020-06-19 | CVE-2020-8184 | Improper Input Validation vulnerability in multiple products A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. | 7.5 |
| 2018-11-13 | CVE-2018-16471 | Cross-site Scripting vulnerability in multiple products There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. | 6.1 |
| 2018-11-13 | CVE-2018-16470 | Resource Exhaustion vulnerability in Rack Project Rack 2.0.4/2.0.5 There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. | 7.5 |