Vulnerabilities > Rack Project > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-18 | CVE-2019-16782 | Information Exposure Through Discrepancy vulnerability in multiple products. There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). | 5.9 |
2018-11-13 | CVE-2018-16471 | Cross-site Scripting vulnerability in multiple products. There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. | 6.1 |
2015-07-26 | CVE-2015-3225 | Data Processing Errors vulnerability in multiple products. lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth. | 5.0 |
2011-12-30 | CVE-2011-5036 | Cryptographic Issues vulnerability in Rack Project Rack. Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | 5.0 |