{"uuid": "7b3289d2-9f1b-457e-91eb-f78f1ae25c7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25126", "type": "seen", "source": "https://t.me/MrVGunz/1140", "content": "(CVE-2024-25126) Rack \u06cc\u06a9 \u0631\u0627\u0628\u0637 \u0633\u0631\u0648\u0631 \u0648\u0628 \u0645\u062f\u0648\u0644\u0627\u0631 Ruby \u0627\u0633\u062a. \u0647\u062f\u0631\u0647\u0627\u06cc \u0646\u0648\u0639 \u0645\u062d\u062a\u0648\u0627 \u06a9\u0647 \u0628\u0627 \u062f\u0642\u062a \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647\u200c\u0627\u0646\u062f \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0627\u0639\u062b \u0634\u0648\u0646\u062f \u06a9\u0647 \u067e\u0627\u0631\u0633\u0631 \u0646\u0648\u0639 \u0631\u0633\u0627\u0646\u0647 Rack \u0645\u062f\u062a \u0632\u0645\u0627\u0646 \u0628\u06cc\u0634\u062a\u0631\u06cc \u0627\u0632 \u062d\u062f \u0627\u0646\u062a\u0638\u0627\u0631 \u0631\u0627 \u0635\u0631\u0641 \u06a9\u0646\u062f \u0648 \u0645\u0646\u062c\u0631 \u0628\u0647 \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0627\u062d\u062a\u0645\u0627\u0644\u06cc \u0627\u0646\u06a9\u0627\u0631 \u0633\u0631\u0648\u06cc\u0633 (ReDos \u062f\u0631\u062c\u0647 \u062f\u0648\u0645 \u0686\u0646\u062f\u062c\u0645\u0644\u0647\u200c\u0627\u06cc) \u0634\u0648\u062f. \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc 3.0.9.1 \u0648 2.2.8.1 \u0627\u0635\u0644\u0627\u062d \u0634\u062f\u0647 \u0627\u0633\u062a.\n\u0644\u06cc\u0646\u06a9: https://nvd.nist.gov/vuln/detail/CVE-2024-25126\n\n(CVE-2024-25126) Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack\u2019s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.\nLink: https://nvd.nist.gov/vuln/detail/CVE-2024-25126", "creation_timestamp": "2024-05-23T12:23:53.000000Z"}