CVE-2024-26141 (rack): Possible DoS Vulnerability with Range Header in Rack

Ruby Security Advisory

There is a possible DoS vulnerability relating to the Range request header in
Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26141.

Versions Affected: >= 1.3.0. Not affected: < 1.3.0 Fixed Versions: 3.0.9.1, 2.2.8.1 # Impact Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). # Releases The fixed releases are available at the normal locations. # Workarounds There are no feasible workarounds for this issue.

READ MORE