Vulnerabilities > Rack Project > Rack > 1.1.33
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-05 | CVE-2022-30123 | A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. | 10.0 |
| 2020-07-02 | CVE-2020-8161 | Path Traversal vulnerability in multiple products A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure. | 8.6 |
| 2020-06-19 | CVE-2020-8184 | Improper Input Validation vulnerability in multiple products A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. | 7.5 |
| 2015-07-26 | CVE-2015-3225 | Data Processing Errors vulnerability in multiple products lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth. | 5.0 |