FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-14 21:31:10 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2fdb053c-ca25-11ed-9d7e-080027f5fec9rack -- possible denial of service vulnerability in header parsing

ooooooo_q reports:

Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted.


Discovery 2023-03-13
Entry 2023-03-24
rubygem-rack
< 3.0.6.1,3

rubygem-rack22
< 2.2.6.6,3

rubygem-rack16
< 1.6.14

CVE-2023-27539
https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
f0798a6a-bbdb-11ed-ba99-080027f5fec9rack -- possible DoS vulnerability in multipart MIME parsing

Aaron Patterson reports:

The Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected.


Discovery 2023-03-03
Entry 2023-03-06
rubygem-rack
< 3.0.4.2,3

rubygem-rack22
< 2.2.6.3,3

rubygem-rack16
< 1.6.14

CVE-2023-27530
https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388