Skip to content

Rack vulnerable to Denial of Service

Moderate severity GitHub Reviewed Published May 5, 2022 to the GitHub Advisory Database • Updated Mar 8, 2023

Package

bundler rack (RubyGems)

Affected versions

>= 1.1.0, < 1.1.5
>= 1.2.0, < 1.2.7
>= 1.3.0, < 1.3.9
>= 1.4.0, < 1.4.4

Patched versions

1.1.5
1.2.7
1.3.9
1.4.4

Description

Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."

References

Published by the National Vulnerability Database Mar 1, 2013
Published to the GitHub Advisory Database May 5, 2022
Reviewed Mar 8, 2023
Last updated Mar 8, 2023

Severity

Moderate

EPSS score

1.282%
(86th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2013-0184

GHSA ID

GHSA-v882-ccj6-jc48

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.