Bugs fixes in "ruby-rack"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2026-34785 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served | 2026-04-16 |
| CVE | CVE-2026-34763 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path direc | 2026-04-16 |
| CVE | CVE-2026-34230 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.select_best_encoding processes Accept-Encoding | 2026-04-16 |
| CVE | CVE-2026-26961 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter fro | 2026-04-16 |
| CVE | CVE-2026-25500 | Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory` generates an HTML directory index where e | 2026-02-26 |
| CVE | CVE-2026-22860 | Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match o | 2026-02-26 |
| CVE | CVE-2026-25500 | Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory` generates an HTML directory index where e | 2026-02-26 |
| CVE | CVE-2026-22860 | Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match o | 2026-02-26 |
| CVE | CVE-2026-25500 | Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory` generates an HTML directory index where e | 2026-02-26 |
| CVE | CVE-2026-22860 | Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match o | 2026-02-26 |
| CVE | CVE-2026-25500 | Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory` generates an HTML directory index where e | 2026-02-26 |
| CVE | CVE-2026-22860 | Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match o | 2026-02-26 |
| CVE | CVE-2025-61919 | Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into mem | 2026-01-16 |
| CVE | CVE-2025-61780 | Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in | 2026-01-16 |
| CVE | CVE-2025-61771 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields ( | 2026-01-16 |
| CVE | CVE-2025-61772 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate unbounded data | 2026-01-16 |
| CVE | CVE-2025-61770 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart p | 2026-01-16 |
| CVE | CVE-2025-61919 | Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into mem | 2026-01-15 |
| CVE | CVE-2025-61780 | Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in | 2026-01-15 |
| CVE | CVE-2025-61771 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields ( | 2026-01-15 |
About
-
Send Feedback to @ubuntu_updates
