Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.
History

Thu, 05 Dec 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat satellite
Redhat satellite Capsule
CPEs cpe:/a:redhat:satellite:6.15::el8
cpe:/a:redhat:satellite_capsule:6.15::el8
Vendors & Products Redhat satellite
Redhat satellite Capsule

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-02-28T23:28:01.158Z

Updated: 2024-08-01T23:59:32.576Z

Reserved: 2024-02-14T17:40:03.689Z

Link: CVE-2024-26146

cve-icon Vulnrichment

Updated: 2024-07-25T16:39:01.836Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-02-29T00:15:51.597

Modified: 2024-11-21T09:02:01.697

Link: CVE-2024-26146

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-02-22T00:00:00Z

Links: CVE-2024-26146 - Bugzilla