Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2013-0262 (GCVE-0-2013-0262)
Vulnerability from cvelistv5 – Published: 2013-02-08 20:00 – Updated: 2024-08-06 14:18
VLAI?
EPSS
Summary
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://groups.google.com/forum/#%21msg/rack-deve… | x_refsource_CONFIRM |
| https://gist.github.com/rentzsch/4736940 | x_refsource_MISC |
| http://secunia.com/advisories/52033 | third-party-advisoryx_refsource_SECUNIA |
| http://rack.github.com/ | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=909071 | x_refsource_MISC |
| https://groups.google.com/forum/#%21msg/rack-deve… | x_refsource_CONFIRM |
| https://github.com/rack/rack/commit/6f237e4c9fab6… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2013-0… | vendor-advisoryx_refsource_SUSE |
| https://github.com/rack/rack/blob/master/lib/rack… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=909072 | x_refsource_CONFIRM |
Date Public ?
2013-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/rentzsch/4736940"
},
{
"name": "52033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52033"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rack.github.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909071"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30"
},
{
"name": "openSUSE-SU-2013:0462",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909072"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-15T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/rentzsch/4736940"
},
{
"name": "52033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52033"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rack.github.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909071"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30"
},
{
"name": "openSUSE-SU-2013:0462",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909072"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0262",
"datePublished": "2013-02-08T20:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:18:09.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2013-0262",
"date": "2026-05-20",
"epss": "0.01263",
"percentile": "0.79651"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A3DD73E-6BD4-4C18-A4B8-AFA6860A4585\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95E3FF6F-58C3-4491-BBD1-C4C13287A07D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rack_project:rack:1.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C04A5634-62C7-4B01-B644-06A6A1D5A828\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rack_project:rack:1.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"290B1557-33F7-4717-B3C4-081FECF71BD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rack_project:rack:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAB99ED2-4E74-4652-9A04-A46436F151E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rack_project:rack:1.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F55AF59F-CA0C-4F48-81BF-C9316672886D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rack_project:rack:1.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DA5F2A1-86CC-4836-A75F-9B275884683A\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \\\"symlink path traversals.\\\"\"}, {\"lang\": \"es\", \"value\": \"rack/file.rb (Rack::File) en Rack v1.5.x anterior a v1.5.2 y v1.4.x anterior a v1.4.5 permite a atacantes acceder a ficheros arbitrarios fuera del directorio raiz mediante una variable de entorno PATH_INFO especialmente dise\\u00f1ada, posiblemente una vulnerabilidad de salto de directorio remotamente explotable, tambi\\u00e9n conocido como \\\"salto de directorio symlink\\\".\"}]",
"id": "CVE-2013-0262",
"lastModified": "2024-11-21T01:47:11.017",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2013-02-08T20:55:01.577",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rack.github.com/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/52033\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=909071\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=909072\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://gist.github.com/rentzsch/4736940\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rack.github.com/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/52033\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=909071\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=909072\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://gist.github.com/rentzsch/4736940\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2013-0262\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-02-08T20:55:01.577\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \\\"symlink path traversals.\\\"\"},{\"lang\":\"es\",\"value\":\"rack/file.rb (Rack::File) en Rack v1.5.x anterior a v1.5.2 y v1.4.x anterior a v1.4.5 permite a atacantes acceder a ficheros arbitrarios fuera del directorio raiz mediante una variable de entorno PATH_INFO especialmente dise\u00f1ada, posiblemente una vulnerabilidad de salto de directorio remotamente explotable, tambi\u00e9n conocido como \\\"salto de directorio symlink\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A3DD73E-6BD4-4C18-A4B8-AFA6860A4585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95E3FF6F-58C3-4491-BBD1-C4C13287A07D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C04A5634-62C7-4B01-B644-06A6A1D5A828\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"290B1557-33F7-4717-B3C4-081FECF71BD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAB99ED2-4E74-4652-9A04-A46436F151E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F55AF59F-CA0C-4F48-81BF-C9316672886D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DA5F2A1-86CC-4836-A75F-9B275884683A\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rack.github.com/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/52033\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=909071\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=909072\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://gist.github.com/rentzsch/4736940\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rack.github.com/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/52033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=909071\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=909072\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://gist.github.com/rentzsch/4736940\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
FKIE_CVE-2013-0262
Vulnerability from fkie_nvd - Published: 2013-02-08 20:55 - Updated: 2026-04-29 01:13
Severity ?
Summary
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rack_project | rack | 1.4.0 | |
| rack_project | rack | 1.4.1 | |
| rack_project | rack | 1.4.2 | |
| rack_project | rack | 1.4.3 | |
| rack_project | rack | 1.4.4 | |
| rack_project | rack | 1.5.0 | |
| rack_project | rack | 1.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3DD73E-6BD4-4C18-A4B8-AFA6860A4585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "95E3FF6F-58C3-4491-BBD1-C4C13287A07D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rack_project:rack:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C04A5634-62C7-4B01-B644-06A6A1D5A828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rack_project:rack:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "290B1557-33F7-4717-B3C4-081FECF71BD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rack_project:rack:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB99ED2-4E74-4652-9A04-A46436F151E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rack_project:rack:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F55AF59F-CA0C-4F48-81BF-C9316672886D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rack_project:rack:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA5F2A1-86CC-4836-A75F-9B275884683A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\""
},
{
"lang": "es",
"value": "rack/file.rb (Rack::File) en Rack v1.5.x anterior a v1.5.2 y v1.4.x anterior a v1.4.5 permite a atacantes acceder a ficheros arbitrarios fuera del directorio raiz mediante una variable de entorno PATH_INFO especialmente dise\u00f1ada, posiblemente una vulnerabilidad de salto de directorio remotamente explotable, tambi\u00e9n conocido como \"salto de directorio symlink\"."
}
],
"id": "CVE-2013-0262",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-08T20:55:01.577",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rack.github.com/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52033"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909071"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909072"
},
{
"source": "secalert@redhat.com",
"url": "https://gist.github.com/rentzsch/4736940"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30"
},
{
"source": "secalert@redhat.com",
"url": "https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ"
},
{
"source": "secalert@redhat.com",
"url": "https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rack.github.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://gist.github.com/rentzsch/4736940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-85R7-W5MV-C849
Vulnerability from github – Published: 2017-10-24 18:33 – Updated: 2023-08-25 23:30
VLAI?
Summary
Rack Vulnerable to Path Traversal
Details
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rack"
},
"ranges": [
{
"events": [
{
"introduced": "1.5.0"
},
{
"fixed": "1.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "rack"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.4.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2013-0262"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:24:29Z",
"nvd_published_at": "2013-02-08T20:55:00Z",
"severity": "MODERATE"
},
"details": "`rack/file.rb` (`Rack::File`) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted `PATH_INFO` environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"id": "GHSA-85r7-w5mv-c849",
"modified": "2023-08-25T23:30:15Z",
"published": "2017-10-24T18:33:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0262"
},
{
"type": "WEB",
"url": "https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909071"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909072"
},
{
"type": "WEB",
"url": "https://gist.github.com/rentzsch/4736940"
},
{
"type": "PACKAGE",
"url": "https://github.com/rack/rack"
},
{
"type": "WEB",
"url": "https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Rack Vulnerable to Path Traversal"
}
GSD-2013-0262
Vulnerability from gsd - Updated: 2013-02-07 00:00Details
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2013-0262",
"description": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"id": "GSD-2013-0262",
"references": [
"https://www.suse.com/security/cve/CVE-2013-0262.html",
"https://access.redhat.com/errata/RHSA-2013:0638"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rack",
"purl": "pkg:gem/rack"
}
}
],
"aliases": [
"CVE-2013-0262",
"OSVDB-89938"
],
"details": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"id": "GSD-2013-0262",
"modified": "2013-02-07T00:00:00.000Z",
"published": "2013-02-07T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0262"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 4.3,
"type": "CVSS_V2"
}
],
"summary": "CVE-2013-0262 rubygem-rack: Path sanitization information disclosure"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"
},
{
"name": "http://rack.github.com/",
"refsource": "MISC",
"url": "http://rack.github.com/"
},
{
"name": "http://secunia.com/advisories/52033",
"refsource": "MISC",
"url": "http://secunia.com/advisories/52033"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=909071",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909071"
},
{
"name": "https://gist.github.com/rentzsch/4736940",
"refsource": "MISC",
"url": "https://gist.github.com/rentzsch/4736940"
},
{
"name": "https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56",
"refsource": "MISC",
"url": "https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56"
},
{
"name": "https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30",
"refsource": "MISC",
"url": "https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30"
},
{
"name": "https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ"
},
{
"name": "https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=909072",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909072"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2013-0262",
"cvss_v2": 4.3,
"date": "2013-02-07",
"description": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"gem": "rack",
"osvdb": 89938,
"patched_versions": [
"~\u003e 1.4.5",
"\u003e= 1.5.2"
],
"title": "CVE-2013-0262 rubygem-rack: Path sanitization information disclosure",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0262"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=1.4.0 \u003c1.4.5 || \u003e=1.5.0 \u003c1.5.2",
"affected_versions": "All versions starting from 1.4.0 before 1.4.5, all versions starting from 1.5.0 before 1.5.2",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-22",
"CWE-937"
],
"date": "2018-08-13",
"description": "Affected versions allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"\t",
"fixed_versions": [
"1.4.5",
"1.5.2"
],
"identifier": "CVE-2013-0262",
"identifiers": [
"CVE-2013-0262"
],
"package_slug": "gem/rack",
"pubdate": "2013-02-08",
"solution": "Upgrade",
"title": "Symlink path traversal in Rack::File",
"urls": [
"http://rack.github.com/"
],
"uuid": "a377e5d0-7fb3-4415-97ba-d61ff644c9fd"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0262"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=909072",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909072"
},
{
"name": "52033",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52033"
},
{
"name": "http://rack.github.com/",
"refsource": "CONFIRM",
"tags": [],
"url": "http://rack.github.com/"
},
{
"name": "https://gist.github.com/rentzsch/4736940",
"refsource": "MISC",
"tags": [],
"url": "https://gist.github.com/rentzsch/4736940"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=909071",
"refsource": "MISC",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909071"
},
{
"name": "https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56",
"refsource": "MISC",
"tags": [],
"url": "https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56"
},
{
"name": "https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30",
"refsource": "CONFIRM",
"tags": [],
"url": "https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30"
},
{
"name": "openSUSE-SU-2013:0462",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"
},
{
"name": "https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ",
"refsource": "MISC",
"tags": [],
"url": "https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ"
},
{
"name": "https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ",
"refsource": "MISC",
"tags": [],
"url": "https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-13T04:40Z",
"publishedDate": "2013-02-08T20:55Z"
}
}
}
OPENSUSE-SU-2024:10115-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby2.2-rubygem-rack-1_4-1.4.7-1.8 on GA media
Severity
Moderate
Notes
Title of the patch: ruby2.2-rubygem-rack-1_4-1.4.7-1.8 on GA media
Description of the patch: These are all security issues fixed in the ruby2.2-rubygem-rack-1_4-1.4.7-1.8 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10115
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby2.2-rubygem-rack-1_4-1.4.7-1.8 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10115",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10115-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0262 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0263 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0263/"
}
],
"title": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10115-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.aarch64",
"product": {
"name": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.aarch64",
"product_id": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64",
"product": {
"name": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64",
"product_id": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64",
"product": {
"name": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64",
"product_id": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.aarch64",
"product": {
"name": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.aarch64",
"product_id": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64",
"product": {
"name": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64",
"product_id": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64",
"product": {
"name": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64",
"product_id": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.ppc64le",
"product": {
"name": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.ppc64le",
"product_id": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le",
"product": {
"name": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le",
"product_id": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le",
"product": {
"name": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le",
"product_id": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.ppc64le",
"product": {
"name": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.ppc64le",
"product_id": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le",
"product": {
"name": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le",
"product_id": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le",
"product": {
"name": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le",
"product_id": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.s390x",
"product": {
"name": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.s390x",
"product_id": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.s390x",
"product": {
"name": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.s390x",
"product_id": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x",
"product": {
"name": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x",
"product_id": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.s390x",
"product": {
"name": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.s390x",
"product_id": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.s390x",
"product": {
"name": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.s390x",
"product_id": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x",
"product": {
"name": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x",
"product_id": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.x86_64",
"product": {
"name": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.x86_64",
"product_id": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64",
"product": {
"name": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64",
"product_id": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64",
"product": {
"name": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64",
"product_id": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.x86_64",
"product": {
"name": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.x86_64",
"product_id": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64",
"product": {
"name": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64",
"product_id": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64",
"product": {
"name": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64",
"product_id": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.aarch64"
},
"product_reference": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.ppc64le"
},
"product_reference": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.s390x"
},
"product_reference": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.x86_64"
},
"product_reference": "ruby2.2-rubygem-rack-1_4-1.4.7-1.8.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64"
},
"product_reference": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le"
},
"product_reference": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.s390x"
},
"product_reference": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64"
},
"product_reference": "ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64"
},
"product_reference": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le"
},
"product_reference": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x"
},
"product_reference": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64"
},
"product_reference": "ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.aarch64"
},
"product_reference": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.ppc64le"
},
"product_reference": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.s390x"
},
"product_reference": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.x86_64"
},
"product_reference": "ruby2.3-rubygem-rack-1_4-1.4.7-1.8.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64"
},
"product_reference": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le"
},
"product_reference": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.s390x"
},
"product_reference": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64"
},
"product_reference": "ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64"
},
"product_reference": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le"
},
"product_reference": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x"
},
"product_reference": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64"
},
"product_reference": "ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0262"
}
],
"notes": [
{
"category": "general",
"text": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0262",
"url": "https://www.suse.com/security/cve/CVE-2013-0262"
},
{
"category": "external",
"summary": "SUSE Bug 802795 for CVE-2013-0262",
"url": "https://bugzilla.suse.com/802795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0262"
},
{
"cve": "CVE-2013-0263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0263"
}
],
"notes": [
{
"category": "general",
"text": "Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0263",
"url": "https://www.suse.com/security/cve/CVE-2013-0263"
},
{
"category": "external",
"summary": "SUSE Bug 802794 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/802794"
},
{
"category": "external",
"summary": "SUSE Bug 809839 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/809839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0263"
}
]
}
OPENSUSE-SU-2024:10406-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby2.2-rubygem-rack-1_6-1.6.5-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: ruby2.2-rubygem-rack-1_6-1.6.5-1.1 on GA media
Description of the patch: These are all security issues fixed in the ruby2.2-rubygem-rack-1_6-1.6.5-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10406
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby2.2-rubygem-rack-1_6-1.6.5-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10406",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10406-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0262 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0263 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
}
],
"title": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10406-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-2.0.1-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-rack-2.0.1-1.1.aarch64",
"product_id": "ruby2.2-rubygem-rack-2.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"product_id": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.aarch64",
"product_id": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"product_id": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"product_id": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"product_id": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-2.0.1-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-rack-2.0.1-1.1.aarch64",
"product_id": "ruby2.3-rubygem-rack-2.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"product_id": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.aarch64",
"product_id": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"product_id": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"product_id": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"product_id": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-2.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-rack-2.0.1-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-rack-2.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-2.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-rack-2.0.1-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-rack-2.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-2.0.1-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-rack-2.0.1-1.1.s390x",
"product_id": "ruby2.2-rubygem-rack-2.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.s390x",
"product_id": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.s390x",
"product_id": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"product_id": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"product_id": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"product_id": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-2.0.1-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-rack-2.0.1-1.1.s390x",
"product_id": "ruby2.3-rubygem-rack-2.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.s390x",
"product_id": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.s390x",
"product_id": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"product_id": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"product_id": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"product_id": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-2.0.1-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-rack-2.0.1-1.1.x86_64",
"product_id": "ruby2.2-rubygem-rack-2.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"product_id": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.x86_64",
"product_id": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"product_id": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.x86_64",
"product_id": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"product_id": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-2.0.1-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-rack-2.0.1-1.1.x86_64",
"product_id": "ruby2.3-rubygem-rack-2.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"product_id": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.x86_64",
"product_id": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"product_id": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.x86_64",
"product_id": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"product_id": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-2.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-rack-2.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-2.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-rack-2.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-2.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-rack-2.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-2.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-rack-2.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-rack-doc-2.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-2.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-rack-2.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-2.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-rack-2.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-2.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-rack-2.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-2.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-rack-2.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-rack-doc-2.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0262"
}
],
"notes": [
{
"category": "general",
"text": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0262",
"url": "https://www.suse.com/security/cve/CVE-2013-0262"
},
{
"category": "external",
"summary": "SUSE Bug 802795 for CVE-2013-0262",
"url": "https://bugzilla.suse.com/802795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0262"
},
{
"cve": "CVE-2013-0263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0263"
}
],
"notes": [
{
"category": "general",
"text": "Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0263",
"url": "https://www.suse.com/security/cve/CVE-2013-0263"
},
{
"category": "external",
"summary": "SUSE Bug 802794 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/802794"
},
{
"category": "external",
"summary": "SUSE Bug 809839 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/809839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0263"
},
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
}
]
}
OPENSUSE-SU-2024:11344-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby2.7-rubygem-rack-2.2.3-1.7 on GA media
Severity
Moderate
Notes
Title of the patch: ruby2.7-rubygem-rack-2.2.3-1.7 on GA media
Description of the patch: These are all security issues fixed in the ruby2.7-rubygem-rack-2.2.3-1.7 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11344
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby2.7-rubygem-rack-2.2.3-1.7 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby2.7-rubygem-rack-2.2.3-1.7 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11344",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11344-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0262 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0263 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16471 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16782 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8184 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8184/"
}
],
"title": "ruby2.7-rubygem-rack-2.2.3-1.7 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11344-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"product": {
"name": "ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"product_id": "ruby2.7-rubygem-rack-2.2.3-1.7.aarch64"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"product": {
"name": "ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"product_id": "ruby3.0-rubygem-rack-2.2.3-1.7.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"product": {
"name": "ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"product_id": "ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"product": {
"name": "ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"product_id": "ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"product": {
"name": "ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"product_id": "ruby2.7-rubygem-rack-2.2.3-1.7.s390x"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"product": {
"name": "ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"product_id": "ruby3.0-rubygem-rack-2.2.3-1.7.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"product": {
"name": "ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"product_id": "ruby2.7-rubygem-rack-2.2.3-1.7.x86_64"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-rack-2.2.3-1.7.x86_64",
"product": {
"name": "ruby3.0-rubygem-rack-2.2.3-1.7.x86_64",
"product_id": "ruby3.0-rubygem-rack-2.2.3-1.7.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-rack-2.2.3-1.7.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64"
},
"product_reference": "ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le"
},
"product_reference": "ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-rack-2.2.3-1.7.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x"
},
"product_reference": "ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-rack-2.2.3-1.7.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64"
},
"product_reference": "ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-rack-2.2.3-1.7.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64"
},
"product_reference": "ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le"
},
"product_reference": "ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-rack-2.2.3-1.7.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x"
},
"product_reference": "ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-rack-2.2.3-1.7.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64"
},
"product_reference": "ruby3.0-rubygem-rack-2.2.3-1.7.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0262"
}
],
"notes": [
{
"category": "general",
"text": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0262",
"url": "https://www.suse.com/security/cve/CVE-2013-0262"
},
{
"category": "external",
"summary": "SUSE Bug 802795 for CVE-2013-0262",
"url": "https://bugzilla.suse.com/802795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0262"
},
{
"cve": "CVE-2013-0263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0263"
}
],
"notes": [
{
"category": "general",
"text": "Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0263",
"url": "https://www.suse.com/security/cve/CVE-2013-0263"
},
{
"category": "external",
"summary": "SUSE Bug 802794 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/802794"
},
{
"category": "external",
"summary": "SUSE Bug 809839 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/809839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0263"
},
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
},
{
"cve": "CVE-2018-16471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16471"
}
],
"notes": [
{
"category": "general",
"text": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16471",
"url": "https://www.suse.com/security/cve/CVE-2018-16471"
},
{
"category": "external",
"summary": "SUSE Bug 1114828 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1114828"
},
{
"category": "external",
"summary": "SUSE Bug 1116600 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1116600"
},
{
"category": "external",
"summary": "SUSE Bug 1122178 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1122178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16471"
},
{
"cve": "CVE-2019-16782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16782"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16782",
"url": "https://www.suse.com/security/cve/CVE-2019-16782"
},
{
"category": "external",
"summary": "SUSE Bug 1159548 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1159548"
},
{
"category": "external",
"summary": "SUSE Bug 1183174 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1183174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16782"
},
{
"cve": "CVE-2020-8184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8184"
}
],
"notes": [
{
"category": "general",
"text": "A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8184",
"url": "https://www.suse.com/security/cve/CVE-2020-8184"
},
{
"category": "external",
"summary": "SUSE Bug 1173351 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1173351"
},
{
"category": "external",
"summary": "SUSE Bug 1177352 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1177352"
},
{
"category": "external",
"summary": "SUSE Bug 1193081 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1193081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8184"
}
]
}
OPENSUSE-SU-2024:11345-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby2.7-rubygem-rack-1_6-1.6.13-1.13 on GA media
Severity
Moderate
Notes
Title of the patch: ruby2.7-rubygem-rack-1_6-1.6.13-1.13 on GA media
Description of the patch: These are all security issues fixed in the ruby2.7-rubygem-rack-1_6-1.6.13-1.13 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11345
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby2.7-rubygem-rack-1_6-1.6.13-1.13 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11345",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11345-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0262 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0263 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
}
],
"title": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11345-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"product": {
"name": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"product_id": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.aarch64"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"product": {
"name": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"product_id": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"product": {
"name": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"product_id": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"product": {
"name": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"product_id": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.s390x",
"product": {
"name": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.s390x",
"product_id": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.s390x"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.s390x",
"product": {
"name": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.s390x",
"product_id": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.x86_64",
"product": {
"name": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.x86_64",
"product_id": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.x86_64"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.x86_64",
"product": {
"name": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.x86_64",
"product_id": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.aarch64"
},
"product_reference": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.ppc64le"
},
"product_reference": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.s390x"
},
"product_reference": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.x86_64"
},
"product_reference": "ruby2.7-rubygem-rack-1_6-1.6.13-1.13.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.aarch64"
},
"product_reference": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.ppc64le"
},
"product_reference": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.s390x"
},
"product_reference": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.x86_64"
},
"product_reference": "ruby3.0-rubygem-rack-1_6-1.6.13-1.13.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0262"
}
],
"notes": [
{
"category": "general",
"text": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0262",
"url": "https://www.suse.com/security/cve/CVE-2013-0262"
},
{
"category": "external",
"summary": "SUSE Bug 802795 for CVE-2013-0262",
"url": "https://bugzilla.suse.com/802795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0262"
},
{
"cve": "CVE-2013-0263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0263"
}
],
"notes": [
{
"category": "general",
"text": "Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0263",
"url": "https://www.suse.com/security/cve/CVE-2013-0263"
},
{
"category": "external",
"summary": "SUSE Bug 802794 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/802794"
},
{
"category": "external",
"summary": "SUSE Bug 809839 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/809839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0263"
},
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
}
]
}
OPENSUSE-SU-2024:11346-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby2.7-rubygem-rack-2.0-2.0.9-1.10 on GA media
Severity
Moderate
Notes
Title of the patch: ruby2.7-rubygem-rack-2.0-2.0.9-1.10 on GA media
Description of the patch: These are all security issues fixed in the ruby2.7-rubygem-rack-2.0-2.0.9-1.10 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11346
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby2.7-rubygem-rack-2.0-2.0.9-1.10 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11346",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11346-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0262 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0263 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16471 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16782 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16782/"
}
],
"title": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11346-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"product": {
"name": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"product_id": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"product": {
"name": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"product_id": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"product": {
"name": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"product_id": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"product": {
"name": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"product_id": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x",
"product": {
"name": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x",
"product_id": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x",
"product": {
"name": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x",
"product_id": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"product": {
"name": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"product_id": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"product": {
"name": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"product_id": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64"
},
"product_reference": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le"
},
"product_reference": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x"
},
"product_reference": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64"
},
"product_reference": "ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64"
},
"product_reference": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le"
},
"product_reference": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x"
},
"product_reference": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64"
},
"product_reference": "ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0262"
}
],
"notes": [
{
"category": "general",
"text": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0262",
"url": "https://www.suse.com/security/cve/CVE-2013-0262"
},
{
"category": "external",
"summary": "SUSE Bug 802795 for CVE-2013-0262",
"url": "https://bugzilla.suse.com/802795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0262"
},
{
"cve": "CVE-2013-0263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0263"
}
],
"notes": [
{
"category": "general",
"text": "Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0263",
"url": "https://www.suse.com/security/cve/CVE-2013-0263"
},
{
"category": "external",
"summary": "SUSE Bug 802794 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/802794"
},
{
"category": "external",
"summary": "SUSE Bug 809839 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/809839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0263"
},
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
},
{
"cve": "CVE-2018-16471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16471"
}
],
"notes": [
{
"category": "general",
"text": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16471",
"url": "https://www.suse.com/security/cve/CVE-2018-16471"
},
{
"category": "external",
"summary": "SUSE Bug 1114828 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1114828"
},
{
"category": "external",
"summary": "SUSE Bug 1116600 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1116600"
},
{
"category": "external",
"summary": "SUSE Bug 1122178 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1122178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16471"
},
{
"cve": "CVE-2019-16782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16782"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16782",
"url": "https://www.suse.com/security/cve/CVE-2019-16782"
},
{
"category": "external",
"summary": "SUSE Bug 1159548 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1159548"
},
{
"category": "external",
"summary": "SUSE Bug 1183174 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1183174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16782"
}
]
}
OPENSUSE-SU-2024:12119-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby3.1-rubygem-rack-2.2.3.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: ruby3.1-rubygem-rack-2.2.3.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the ruby3.1-rubygem-rack-2.2.3.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12119
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.1-rubygem-rack-2.2.3.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.1-rubygem-rack-2.2.3.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12119",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12119-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0262 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0263 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16471 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16782 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8184 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30122 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30123/"
}
],
"title": "ruby3.1-rubygem-rack-2.2.3.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12119-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"product": {
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"product_id": "ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"product": {
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"product_id": "ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"product": {
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"product_id": "ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64",
"product": {
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64",
"product_id": "ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64"
},
"product_reference": "ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le"
},
"product_reference": "ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x"
},
"product_reference": "ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
},
"product_reference": "ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0262"
}
],
"notes": [
{
"category": "general",
"text": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0262",
"url": "https://www.suse.com/security/cve/CVE-2013-0262"
},
{
"category": "external",
"summary": "SUSE Bug 802795 for CVE-2013-0262",
"url": "https://bugzilla.suse.com/802795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0262"
},
{
"cve": "CVE-2013-0263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0263"
}
],
"notes": [
{
"category": "general",
"text": "Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0263",
"url": "https://www.suse.com/security/cve/CVE-2013-0263"
},
{
"category": "external",
"summary": "SUSE Bug 802794 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/802794"
},
{
"category": "external",
"summary": "SUSE Bug 809839 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/809839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0263"
},
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
},
{
"cve": "CVE-2018-16471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16471"
}
],
"notes": [
{
"category": "general",
"text": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16471",
"url": "https://www.suse.com/security/cve/CVE-2018-16471"
},
{
"category": "external",
"summary": "SUSE Bug 1114828 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1114828"
},
{
"category": "external",
"summary": "SUSE Bug 1116600 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1116600"
},
{
"category": "external",
"summary": "SUSE Bug 1122178 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1122178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16471"
},
{
"cve": "CVE-2019-16782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16782"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16782",
"url": "https://www.suse.com/security/cve/CVE-2019-16782"
},
{
"category": "external",
"summary": "SUSE Bug 1159548 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1159548"
},
{
"category": "external",
"summary": "SUSE Bug 1183174 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1183174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16782"
},
{
"cve": "CVE-2020-8184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8184"
}
],
"notes": [
{
"category": "general",
"text": "A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8184",
"url": "https://www.suse.com/security/cve/CVE-2020-8184"
},
{
"category": "external",
"summary": "SUSE Bug 1173351 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1173351"
},
{
"category": "external",
"summary": "SUSE Bug 1177352 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1177352"
},
{
"category": "external",
"summary": "SUSE Bug 1193081 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1193081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8184"
},
{
"cve": "CVE-2022-30122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30122"
}
],
"notes": [
{
"category": "general",
"text": "A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30122",
"url": "https://www.suse.com/security/cve/CVE-2022-30122"
},
{
"category": "external",
"summary": "SUSE Bug 1200748 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1200748"
},
{
"category": "external",
"summary": "SUSE Bug 1201588 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1201588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-30122"
},
{
"cve": "CVE-2022-30123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30123"
}
],
"notes": [
{
"category": "general",
"text": "A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30123",
"url": "https://www.suse.com/security/cve/CVE-2022-30123"
},
{
"category": "external",
"summary": "SUSE Bug 1200750 for CVE-2022-30123",
"url": "https://bugzilla.suse.com/1200750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2022-30123"
}
]
}
OPENSUSE-SU-2024:12397-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby3.1-rubygem-rack-2.2-2.2.4-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: ruby3.1-rubygem-rack-2.2-2.2.4-1.1 on GA media
Description of the patch: These are all security issues fixed in the ruby3.1-rubygem-rack-2.2-2.2.4-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12397
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.1-rubygem-rack-2.2-2.2.4-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12397",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12397-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0262 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0263 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16471 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16782 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8184 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30122 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30123/"
}
],
"title": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12397-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"product": {
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"product_id": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"product": {
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"product_id": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"product": {
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"product_id": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64",
"product": {
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64",
"product_id": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64"
},
"product_reference": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le"
},
"product_reference": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x"
},
"product_reference": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
},
"product_reference": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0262"
}
],
"notes": [
{
"category": "general",
"text": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0262",
"url": "https://www.suse.com/security/cve/CVE-2013-0262"
},
{
"category": "external",
"summary": "SUSE Bug 802795 for CVE-2013-0262",
"url": "https://bugzilla.suse.com/802795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0262"
},
{
"cve": "CVE-2013-0263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0263"
}
],
"notes": [
{
"category": "general",
"text": "Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0263",
"url": "https://www.suse.com/security/cve/CVE-2013-0263"
},
{
"category": "external",
"summary": "SUSE Bug 802794 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/802794"
},
{
"category": "external",
"summary": "SUSE Bug 809839 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/809839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0263"
},
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
},
{
"cve": "CVE-2018-16471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16471"
}
],
"notes": [
{
"category": "general",
"text": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16471",
"url": "https://www.suse.com/security/cve/CVE-2018-16471"
},
{
"category": "external",
"summary": "SUSE Bug 1114828 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1114828"
},
{
"category": "external",
"summary": "SUSE Bug 1116600 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1116600"
},
{
"category": "external",
"summary": "SUSE Bug 1122178 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1122178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16471"
},
{
"cve": "CVE-2019-16782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16782"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16782",
"url": "https://www.suse.com/security/cve/CVE-2019-16782"
},
{
"category": "external",
"summary": "SUSE Bug 1159548 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1159548"
},
{
"category": "external",
"summary": "SUSE Bug 1183174 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1183174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16782"
},
{
"cve": "CVE-2020-8184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8184"
}
],
"notes": [
{
"category": "general",
"text": "A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8184",
"url": "https://www.suse.com/security/cve/CVE-2020-8184"
},
{
"category": "external",
"summary": "SUSE Bug 1173351 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1173351"
},
{
"category": "external",
"summary": "SUSE Bug 1177352 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1177352"
},
{
"category": "external",
"summary": "SUSE Bug 1193081 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1193081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8184"
},
{
"cve": "CVE-2022-30122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30122"
}
],
"notes": [
{
"category": "general",
"text": "A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30122",
"url": "https://www.suse.com/security/cve/CVE-2022-30122"
},
{
"category": "external",
"summary": "SUSE Bug 1200748 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1200748"
},
{
"category": "external",
"summary": "SUSE Bug 1201588 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1201588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-30122"
},
{
"cve": "CVE-2022-30123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30123"
}
],
"notes": [
{
"category": "general",
"text": "A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30123",
"url": "https://www.suse.com/security/cve/CVE-2022-30123"
},
{
"category": "external",
"summary": "SUSE Bug 1200750 for CVE-2022-30123",
"url": "https://bugzilla.suse.com/1200750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2022-30123"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…