{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T21:09:36.477","vulnerabilities":[{"cve":{"id":"CVE-2024-26141","sourceIdentifier":"security-advisories@github.com","published":"2024-02-29T00:15:51.403","lastModified":"2025-02-14T15:33:08.527","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1."},{"lang":"es","value":"Rack es una interfaz modular de servidor web Ruby. Los encabezados de rango cuidadosamente elaborados pueden hacer que un servidor responda con una respuesta inesperadamente grande. Responder con respuestas tan amplias podría dar lugar a un problema de denegación de servicio. Las aplicaciones vulnerables utilizarán el middleware `Rack::File` o los métodos `Rack::Utils.byte_ranges` (esto incluye aplicaciones Rails). La vulnerabilidad se solucionó en 3.0.9.1 y 2.2.8.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*","versionStartIncluding":"1.3.0","versionEndExcluding":"2.2.8.1","matchCriteriaId":"746C9255-2FA2-4E9C-94DA-379396561EB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.9.1","matchCriteriaId":"FF0C5646-2AB6-4887-BA17-970964A53E3C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]}],"references":[{"url":"https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://security.netapp.com/advisory/ntap-20240510-0007/","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://security.netapp.com/advisory/ntap-20240510-0007/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}