Bugs fixes in "ruby-rack"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2025-61919 | Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into mem | 2026-01-16 |
| CVE | CVE-2025-61780 | Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in | 2026-01-16 |
| CVE | CVE-2025-61771 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields ( | 2026-01-16 |
| CVE | CVE-2025-61772 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate unbounded data | 2026-01-16 |
| CVE | CVE-2025-61770 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart p | 2026-01-16 |
| CVE | CVE-2025-61919 | Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into mem | 2026-01-15 |
| CVE | CVE-2025-61780 | Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in | 2026-01-15 |
| CVE | CVE-2025-61771 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields ( | 2026-01-15 |
| CVE | CVE-2025-61772 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate unbounded data | 2026-01-15 |
| CVE | CVE-2025-61770 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart p | 2026-01-15 |
| CVE | CVE-2025-59830 | Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, | 2026-01-15 |
| CVE | CVE-2025-46727 | Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/ | 2026-01-15 |
| CVE | CVE-2025-61919 | Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into mem | 2026-01-15 |
| CVE | CVE-2025-61780 | Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in | 2026-01-15 |
| CVE | CVE-2025-61771 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields ( | 2026-01-15 |
| CVE | CVE-2025-61772 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate unbounded data | 2026-01-15 |
| CVE | CVE-2025-61770 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart p | 2026-01-15 |
| CVE | CVE-2025-61919 | Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into mem | 2026-01-15 |
| CVE | CVE-2025-61780 | Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in | 2026-01-15 |
| CVE | CVE-2025-61771 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields ( | 2026-01-15 |
About
-
Send Feedback to @ubuntu_updates
