Vulnerabilities > Rack Project > Rack

DATE: 2018-11-13
CVE: CVE-2018-16470
VULNERABILITY TITLE: Resource Exhaustion vulnerability in Rack Project Rack 2.0.4/2.0.5
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6.
RISK: 7.5 (network, low complexity)
rack-project; CWE-400

DATE: 2015-07-26
CVE: CVE-2015-3225
VULNERABILITY TITLE: Data Processing Errors vulnerability in multiple products
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
RISK: 5.0 (network, low complexity)
rack-project, opensuse, debian; CWE-19

DATE: 2011-12-30
CVE: CVE-2011-5036
VULNERABILITY TITLE: Cryptographic Issues vulnerability in Rack Project Rack
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
RISK: 5.0 (network, low complexity)
rack-project; CWE-310