CVE-2024-26141 (rack): Possible DoS Vulnerability with Range Header in Rack

Ruby Security Advisory

There is a possible DoS vulnerability relating to the Range request header in
Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26141.

Versions Affected: >= 1.3.0. Not affected: < 1.3.0 Fixed Versions:, # Impact Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). # Releases The fixed releases are available at the normal locations. # Workarounds There are no feasible workarounds for this issue.