Vulnerability Information
Vulnerability Title
Possible DoS Vulnerability with Range Header in Rack
Vulnerability Description
Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications are those that use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` method (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Vulnerability Type
Uncontrolled Resource Consumption (Resource Exhaustion)
Vulnerability Title
Rack Resource Management Error Vulnerability
Vulnerability Description
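Rack is a modular Ruby web server interface. Rack versions before 3.0.9.1 and before 2.2.8.1 contain a resource management error vulnerability. The vulnerability stems from the fact that carefully crafted Range headers may cause the server to respond abnormally, leading to a denial of service.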
CVSS Information
N/A
Vulnerability Type
N/A