author | Yasuhiro Kimura <yasu@FreeBSD.org> | 2023-01-19 01:42:49 +0000 |
---|---|---|
committer | Yasuhiro Kimura <yasu@FreeBSD.org> | 2023-01-19 02:29:32 +0000 |
commit | 6d33da93ed041be803c1a7d8557de847097b9f61 (patch) | |
tree | 866093526056505b2c3c79fd69c08e2339a9036e /security/vuxml/vuln/2023.xml | |
parent | 361baca6a6bee946a18977fa0fbd0d8d70129ac8 (diff) | |
download | ports-6d33da93ed041be803c1a7d8557de847097b9f61.tar.gz ports-6d33da93ed041be803c1a7d8557de847097b9f61.zip |
security/vuxml: Document multiple vulnerabilities in rack
Diffstat (limited to 'security/vuxml/vuln/2023.xml')
-rw-r--r-- | security/vuxml/vuln/2023.xml | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 3f6020461e6e..0ece6c1c6939 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,71 @@
+ <vuln vid="95176ba5-9796-11ed-bfbf-080027f5fec9">
+ <topic>rack -- Multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>rubygem-rack</name>
+ <range><lt>3.0.4.1,3</lt></range>
+ </package>
+ <package>
+ <name>rubygem-rack22</name>
+ <range><lt>2.2.6.2,3</lt></range>
+ </package>
+ <package>
+ <name>rubygem-rack16</name>
+ <range><lt>1.6.14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Aaron Patterson reports:</p>
+ <blockquote cite="https://github.com/rack/rack/blob/v3.0.4.1/CHANGELOG.md">
+ <dl>
+ <dt>CVE-2022-44570</dt>
+ <dd>
+ Carefully crafted input can cause the Range header
+ parsing component in Rack to take an unexpected amount
+ of time, possibly resulting in a denial of service
+ attack vector. Any applications that deal with Range
+ requests (such as streaming applications, or
+ applications that serve files) may be impacted.
+ </dd>
+ <dt>CVE-2022-44571</dt>
+ <dd>
+ Carefully crafted input can cause Content-Disposition
+ header parsing in Rack to take an unexpected amount of
+ time, possibly resulting in a denial of service attack
+ vector. This header is used typically used in multipart
+ parsing. Any applications that parse multipart posts
+ using Rack (virtually all Rails applications) are
+ impacted.
+ </dd>
+ <dt>CVE-2022-44572</dt>
+ <dd>
+ Carefully crafted input can cause RFC2183 multipart
+ boundary parsing in Rack to take an unexpected amount of
+ time, possibly resulting in a denial of service attack
+ vector. Any applications that parse multipart posts
+ using Rack (virtually all Rails applications) are
+ impacted.
+ </dd>
+ </dl>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2022-44570</cvename>
+ <cvename>CVE-2022-44571</cvename>
+ <cvename>CVE-2022-44572</cvename>
+ <url>https://github.com/rack/rack/blob/v3.0.4.1/CHANGELOG.md</url>
+ <url>https://github.com/advisories/GHSA-65f5-mfpf-vfhj</url>
+ <url>https://github.com/advisories/GHSA-93pm-5p5f-3ghx</url>
+ <url>https://github.com/advisories/GHSA-rqv2-275x-2jq5</url>
+ </references>
+ <dates>
+ <discovery>2023-01-17</discovery>
+ <entry>2023-01-19</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="00919005-96a3-11ed-86e9-d4c9ef517024">
 <topic>Apache httpd -- Multiple vulnerabilities</topic>
 <affects>
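Review bot: The affects ranges for rubygem-rack and rubygem-rack22 carry the `,3` port epoch while the rubygem-rack16 range `<lt>1.6.14</lt>` carries none; worth confirming each suffix matches that port's PORTEPOCH, because pkg compares the epoch before the version and a mismatch makes the range either never match the installed package or match every version of it. Presumably the rack16 port simply has no epoch, but that is not visible in this hunk. Separately, the quoted CVE-2022-44571 text reads `This header is used typically used in multipart parsing`; if it is reproduced verbatim from the cited changelog the duplicated word can stay as a quotation, otherwise drop the stray `used`.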