Browse all 37 CVE security advisories affecting rack. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Rack serves as a container orchestration platform, enabling developers to deploy and manage applications within isolated environments. Its architecture, which relies heavily on API interactions and web interfaces, has historically exposed it to a range of critical vulnerabilities. Among the 37 recorded CVEs, Remote Code Execution (RCE) and Cross-Site Scripting (XSS) represent the most prevalent threat vectors, often stemming from insufficient input validation in administrative endpoints. Additionally, privilege escalation flaws have allowed unauthorized users to gain elevated access, compromising the integrity of hosted workloads. While the platform offers robust isolation features, its complex dependency chain and frequent updates have occasionally introduced security gaps. These incidents highlight the necessity for rigorous patch management and strict access controls to mitigate risks associated with its containerized infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-35231 | rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter — rack-contrib, CWE-770 | 8.6 | High | 2024-05-27 |
| CVE-2024-26141 | Possible DoS Vulnerability with Range Header in Rack — rack, CWE-400 | 5.8 | Medium | 2024-02-28 |
| CVE-2024-25126 | Rack ReDos in content type parsing (2nd degree polynomial) — rack, CWE-1333 | 5.3 | Medium | 2024-02-28 |
| CVE-2024-26146 | Possible Denial of Service Vulnerability in Rack Header Parsing — rack, CWE-1333 | 5.3 | Medium | 2024-02-28 |
| CVE-2019-16782 | Possible Information Leak / Session Hijack Vulnerability in Rack — rack, CWE-208 | 6.3 | Medium | 2019-12-18 |
| CVE-2018-16470 | Rack multipart parser security vulnerability — Rack, CWE-400 | 7.5 | - | 2018-11-13 |
| CVE-2018-16471 | Rack cross-site scripting vulnerability — Rack, CWE-79 | 6.1 | - | 2018-11-13 |
This page lists every published CVE security advisory associated with rack. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.