You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
No breaking changes noted up to v2.2.4, but then the changelog jumps to 3.0 (skipping 2.2.6.4) with multiple breaking changes. We have 2.2.3 pinned in the gemfile. It looks like 2.2.6.4 will take care of bundler-audit warnings.
No breaking changes noted up to v2.2.4, but then the changelog jumps to 3.0 (skipping 2.2.6.4) with multiple breaking changes. We have 2.2.3 pinned in the gemfile. It looks like 2.2.6.4 will take care of bundler-audit warnings.
Name: rack
Version: 2.2.3
CVE: CVE-2022-30123
GHSA: GHSA-wq4h-7r42-5hrr
Criticality: Critical
URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
Title: Possible shell escape sequence injection vulnerability in Rack
Solution: upgrade to '
> 2.0.9, >= 2.0.9.1', '> 2.1.4, >= 2.1.4.1', '>= 2.2.3.1'Name: rack
Version: 2.2.3
CVE: CVE-2022-30122
GHSA: GHSA-hxqx-xwvh-44m2
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
Title: Denial of Service Vulnerability in Rack Multipart Parsing
Solution: upgrade to '
> 2.0.9, >= 2.0.9.1', '> 2.1.4, >= 2.1.4.1', '>= 2.2.3.1'Name: rack
Version: 2.2.3
CVE: CVE-2022-44571
GHSA: GHSA-93pm-5p5f-3ghx
Criticality: Unknown
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Title: Denial of Service Vulnerability in Rack Content-Disposition parsing
Solution: upgrade to '
> 2.0.9, >= 2.0.9.2', '> 2.1.4, >= 2.1.4.2', '~> 2.2.6, >= 2.2.6.1', '>= 3.0.4.1'Name: rack
Version: 2.2.3
CVE: CVE-2022-44570
GHSA: GHSA-65f5-mfpf-vfhj
Criticality: High
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Title: Denial of service via header parsing in Rack
Solution: upgrade to '
> 2.0.9, >= 2.0.9.2', '> 2.1.4, >= 2.1.4.2', '~> 2.2.6, >= 2.2.6.2', '>= 3.0.4.1'Name: rack
Version: 2.2.3
CVE: CVE-2023-27539
GHSA: GHSA-c6qg-cjj8-47qp
Criticality: Unknown
URL: https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
Title: Possible Denial of Service Vulnerability in Rack’s header parsing
Solution: upgrade to '~> 2.0, >= 2.2.6.4', '>= 3.0.6.1'
Name: rack
Version: 2.2.3
CVE: CVE-2022-44572
GHSA: GHSA-rqv2-275x-2jq5
Criticality: Unknown
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Title: Denial of service via multipart parsing in Rack
Solution: upgrade to '
> 2.0.9, >= 2.0.9.2', '> 2.1.4, >= 2.1.4.2', '~> 2.2.6, >= 2.2.6.1', '>= 3.0.4.1'Name: rack
Version: 2.2.3
CVE: CVE-2023-27530
GHSA: GHSA-3h57-hmj3-gj3p
Criticality: High
URL: https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388
Title: Possible DoS Vulnerability in Multipart MIME parsing
Solution: upgrade to '
> 2.0.9, >= 2.0.9.3', '> 2.1.4, >= 2.1.4.3', '~> 2.2.6, >= 2.2.6.3', '>= 3.0.4.2'The text was updated successfully, but these errors were encountered: