
Byroot

#17491 of 53,608
15.3 Total CVSS
Vulnerabilities · 2
High
2
PT-2025-11048
7.8
2025-03-12
Json · Json · CVE-2025-27788
Name of the Vulnerable Software and Affected Versions: JSON versions 2.10.0 through 2.10.1

Description: A specially crafted document could cause an out-of-bounds read, most likely resulting in a crash.

Recommendations: For versions 2.10.0 and 2.10.1, update to version 2.10.2 to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted documents that could cause an out-of-bounds read until a patch is applied.
PT-2024-1927
7.5
2024-02-22
Rack · Rack · CVE-2024-25126
**Name of the Vulnerable Software and Affected Versions**
Rack versions prior to 2.2.8.1
Rack versions prior to 3.0.9.1

**Description**
The issue is a denial of service vulnerability in Rack's content type parsing, where carefully crafted content type headers can cause the media type parser to take longer than expected. This can lead to a possible denial of service, specifically a ReDoS (2nd degree polynomial).

**Recommendations**
For versions prior to 2.2.8.1, update to version 2.2.8.1 to resolve the issue. For versions prior to 3.0.9.1, update to version 3.0.9.1 to resolve the issue. As a temporary workaround, consider restricting access to the `Content-Type` header to minimize the risk of exploitation.