Package Instance

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2012-6109

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6109.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6109.json

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2012-6109

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-6109

reference_id

reference_type

scores

value	0.00828
scoring_system	epss
scoring_elements	0.7457
published_at	2026-04-24T12:55:00Z

value	0.00828
scoring_system	epss
scoring_elements	0.7445
published_at	2026-04-01T12:55:00Z

value	0.00828
scoring_system	epss
scoring_elements	0.74454
published_at	2026-04-02T12:55:00Z

value	0.00828
scoring_system	epss
scoring_elements	0.7448
published_at	2026-04-04T12:55:00Z

value	0.00828
scoring_system	epss
scoring_elements	0.74455
published_at	2026-04-07T12:55:00Z

value	0.00828
scoring_system	epss
scoring_elements	0.74487
published_at	2026-04-08T12:55:00Z

value	0.00828
scoring_system	epss
scoring_elements	0.74503
published_at	2026-04-09T12:55:00Z

value	0.00828
scoring_system	epss
scoring_elements	0.74524
published_at	2026-04-11T12:55:00Z

value	0.00828
scoring_system	epss
scoring_elements	0.74506
published_at	2026-04-12T12:55:00Z

value	0.00828
scoring_system	epss
scoring_elements	0.74497
published_at	2026-04-13T12:55:00Z

value	0.00828
scoring_system	epss
scoring_elements	0.74535
published_at	2026-04-21T12:55:00Z

value	0.00828
scoring_system	epss
scoring_elements	0.74542
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6109

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=895277

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=895277

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6109
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6109

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rack/rack/blob/master/README.rdoc

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rack/rack/blob/master/README.rdoc

reference_url

https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2012-6109.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2012-6109.yml

reference_url

https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ

reference_url

https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ

reference_url

https://rhn.redhat.com/errata/RHSA-2013-0544.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rhn.redhat.com/errata/RHSA-2013-0544.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440
reference_id	698440
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack::::::::
reference_id	cpe:2.3:a:rack_project:rack::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.1:::::::*
reference_id	cpe:2.3:a:rack_project:rack:0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.2:::::::*
reference_id	cpe:2.3:a:rack_project:rack:0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.3:::::::*
reference_id	cpe:2.3:a:rack_project:rack:0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.4:::::::*
reference_id	cpe:2.3:a:rack_project:rack:0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.9:::::::*
reference_id	cpe:2.3:a:rack_project:rack:0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.9.1:::::::*
reference_id	cpe:2.3:a:rack_project:rack:0.9.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.9.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.0.0:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.0.1:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.1.0:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.1.2:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.0:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.1:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.2:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.3:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.4:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.0:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.1:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.2:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.3:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.4:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.5:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.3.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.6:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.3.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.0:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.1:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-6109

reference_id

CVE-2012-6109

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-6109

reference_url

https://github.com/advisories/GHSA-h77x-m5q8-c29h

reference_id

GHSA-h77x-m5q8-c29h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h77x-m5q8-c29h

reference_url	https://security.gentoo.org/glsa/201405-10
reference_id	GLSA-201405-10
reference_type
scores
url	https://security.gentoo.org/glsa/201405-10

fixed_packages

url pkg:gem/rack@1.3.7

purl pkg:gem/rack@1.3.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-cpn8-w7h1

vulnerability	VCID-3ycr-9smk-uqdc

vulnerability	VCID-47ja-djzb-2bbw

vulnerability	VCID-7p12-ejdu-uqgy

vulnerability	VCID-7wvj-9h3p-23am

vulnerability	VCID-7zgg-tvu3-r7gt

vulnerability	VCID-8zkw-y3yd-yuft

vulnerability	VCID-91xe-ev7t-akb9

vulnerability	VCID-9rpp-9xss-duf6

vulnerability	VCID-9uh8-upzm-7bgd

vulnerability	VCID-arac-j5h5-zkcu

vulnerability	VCID-azu5-jcmd-3ufx

vulnerability	VCID-c21j-snf1-d3cb

vulnerability	VCID-c5sc-7qnn-mkb9

vulnerability	VCID-d58r-22kr-9bct

vulnerability	VCID-fpg2-nhey-rkcc

vulnerability	VCID-gdhf-e8q1-kbat

vulnerability	VCID-gtzk-m9rm-57hw

vulnerability	VCID-jxws-ws21-4uaa

vulnerability	VCID-npag-sz7d-v7b6

vulnerability	VCID-qt1u-2p37-xfet

vulnerability	VCID-s971-gkdg-jkhc

vulnerability	VCID-skxv-7he3-xqgc

vulnerability	VCID-teq8-nqhf-xbbq

vulnerability	VCID-udc4-7jnt-y3fu

vulnerability	VCID-vkrw-y1j6-6fe7

vulnerability	VCID-w732-52bx-2qf8

vulnerability	VCID-wt7k-s1yd-nke6

vulnerability	VCID-xazq-qrm1-9ff6

vulnerability	VCID-xkah-9nv9-wufd

vulnerability	VCID-xnz5-gv2x-17bk

vulnerability	VCID-y12d-fjpf-uubh

vulnerability	VCID-yw62-qbkq-9ygq

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.7

url pkg:gem/rack@1.4.2

purl pkg:gem/rack@1.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-cpn8-w7h1

vulnerability	VCID-3ycr-9smk-uqdc

vulnerability	VCID-47ja-djzb-2bbw

vulnerability	VCID-7p12-ejdu-uqgy

vulnerability	VCID-7wvj-9h3p-23am

vulnerability	VCID-7zgg-tvu3-r7gt

vulnerability	VCID-8zkw-y3yd-yuft

vulnerability	VCID-9rpp-9xss-duf6

vulnerability	VCID-9uh8-upzm-7bgd

vulnerability	VCID-arac-j5h5-zkcu

vulnerability	VCID-azu5-jcmd-3ufx

vulnerability	VCID-c21j-snf1-d3cb

vulnerability	VCID-c5sc-7qnn-mkb9

vulnerability	VCID-d58r-22kr-9bct

vulnerability	VCID-fpg2-nhey-rkcc

vulnerability	VCID-gdhf-e8q1-kbat

vulnerability	VCID-gtzk-m9rm-57hw

vulnerability	VCID-jxws-ws21-4uaa

vulnerability	VCID-npag-sz7d-v7b6

vulnerability	VCID-qt1u-2p37-xfet

vulnerability	VCID-s971-gkdg-jkhc

vulnerability	VCID-skxv-7he3-xqgc

vulnerability	VCID-teq8-nqhf-xbbq

vulnerability	VCID-udc4-7jnt-y3fu

vulnerability	VCID-vkrw-y1j6-6fe7

vulnerability	VCID-w732-52bx-2qf8

vulnerability	VCID-wt7k-s1yd-nke6

vulnerability	VCID-xazq-qrm1-9ff6

vulnerability	VCID-xkah-9nv9-wufd

vulnerability	VCID-xnz5-gv2x-17bk

vulnerability	VCID-y12d-fjpf-uubh

vulnerability	VCID-yw62-qbkq-9ygq

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.2

aliases CVE-2012-6109, GHSA-h77x-m5q8-c29h, OSV-89317

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91xe-ev7t-akb9

url VCID-9uh8-upzm-7bgd

vulnerability_id VCID-9uh8-upzm-7bgd

summary

Uncontrolled Resource Consumption
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack  allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."

references

reference_url

http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0544.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0544.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0548.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0548.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0548

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0548

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0184.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0184.json

reference_url

https://access.redhat.com/security/cve/CVE-2013-0184

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-0184

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0184

reference_id

reference_type

scores

value	0.00677
scoring_system	epss
scoring_elements	0.71501
published_at	2026-04-13T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71581
published_at	2026-04-24T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.7153
published_at	2026-04-21T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71552
published_at	2026-04-18T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71535
published_at	2026-04-11T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71519
published_at	2026-04-12T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71463
published_at	2026-04-01T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71547
published_at	2026-04-16T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.7147
published_at	2026-04-02T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71487
published_at	2026-04-04T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.7146
published_at	2026-04-07T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.715
published_at	2026-04-08T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71512
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0184

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=895384

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=895384

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0184
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0184

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rack/rack/commit/1f61549529d07abd4aa512b8320ab0e97dcacc5d

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rack/rack/commit/1f61549529d07abd4aa512b8320ab0e97dcacc5d

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0184

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440
reference_id	698440
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.1.0:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.1.2:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.1.3:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.1.4:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.0:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.1:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.2:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.3:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.4:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.6:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.0:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.1:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.2:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.3:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.4:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.5:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.3.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.6:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.3.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.7:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.8:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.0:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.1:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.2:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.4.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.3:::::::*
reference_id	cpe:2.3:a:rack_project:rack:1.4.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.3:::::::*

reference_url

reference_id

CVE-2013-0184

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0184

reference_url

https://github.com/advisories/GHSA-v882-ccj6-jc48

reference_id

GHSA-v882-ccj6-jc48

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v882-ccj6-jc48

reference_url	https://security.gentoo.org/glsa/201405-10
reference_id	GLSA-201405-10
reference_type
scores
url	https://security.gentoo.org/glsa/201405-10

fixed_packages

url pkg:gem/rack@1.3.9

purl pkg:gem/rack@1.3.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-cpn8-w7h1

vulnerability	VCID-3ycr-9smk-uqdc

vulnerability	VCID-47ja-djzb-2bbw

vulnerability	VCID-7p12-ejdu-uqgy

vulnerability	VCID-7wvj-9h3p-23am

vulnerability	VCID-7zgg-tvu3-r7gt

vulnerability	VCID-8zkw-y3yd-yuft

vulnerability	VCID-91xe-ev7t-akb9

vulnerability	VCID-9rpp-9xss-duf6

vulnerability	VCID-9uh8-upzm-7bgd

vulnerability	VCID-arac-j5h5-zkcu

vulnerability	VCID-azu5-jcmd-3ufx

vulnerability	VCID-c21j-snf1-d3cb

vulnerability	VCID-c5sc-7qnn-mkb9

vulnerability	VCID-d58r-22kr-9bct

vulnerability	VCID-fpg2-nhey-rkcc

vulnerability	VCID-gdhf-e8q1-kbat

vulnerability	VCID-gtzk-m9rm-57hw

vulnerability	VCID-jxws-ws21-4uaa

vulnerability	VCID-npag-sz7d-v7b6

vulnerability	VCID-qt1u-2p37-xfet

vulnerability	VCID-s971-gkdg-jkhc

vulnerability	VCID-skxv-7he3-xqgc

vulnerability	VCID-teq8-nqhf-xbbq

vulnerability	VCID-udc4-7jnt-y3fu

vulnerability	VCID-vkrw-y1j6-6fe7

vulnerability	VCID-w732-52bx-2qf8

vulnerability	VCID-wt7k-s1yd-nke6

vulnerability	VCID-xazq-qrm1-9ff6

vulnerability	VCID-xkah-9nv9-wufd

vulnerability	VCID-xnz5-gv2x-17bk

vulnerability	VCID-y12d-fjpf-uubh

vulnerability	VCID-yw62-qbkq-9ygq

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.9

url pkg:gem/rack@1.4.4

purl pkg:gem/rack@1.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-cpn8-w7h1

vulnerability	VCID-3ycr-9smk-uqdc

vulnerability	VCID-47ja-djzb-2bbw

vulnerability	VCID-7p12-ejdu-uqgy

vulnerability	VCID-7wvj-9h3p-23am

vulnerability	VCID-7zgg-tvu3-r7gt

vulnerability	VCID-8zkw-y3yd-yuft

vulnerability	VCID-9rpp-9xss-duf6

vulnerability	VCID-arac-j5h5-zkcu

vulnerability	VCID-azu5-jcmd-3ufx

vulnerability	VCID-c21j-snf1-d3cb

vulnerability	VCID-c5sc-7qnn-mkb9

vulnerability	VCID-d58r-22kr-9bct

vulnerability	VCID-fpg2-nhey-rkcc

vulnerability	VCID-gdhf-e8q1-kbat

vulnerability	VCID-gtzk-m9rm-57hw

vulnerability	VCID-jxws-ws21-4uaa

vulnerability	VCID-npag-sz7d-v7b6

vulnerability	VCID-qt1u-2p37-xfet

vulnerability	VCID-s971-gkdg-jkhc

vulnerability	VCID-skxv-7he3-xqgc

vulnerability	VCID-udc4-7jnt-y3fu

vulnerability	VCID-vkrw-y1j6-6fe7

vulnerability	VCID-w732-52bx-2qf8

vulnerability	VCID-wt7k-s1yd-nke6

vulnerability	VCID-xazq-qrm1-9ff6

vulnerability	VCID-xkah-9nv9-wufd

vulnerability	VCID-xnz5-gv2x-17bk

vulnerability	VCID-y12d-fjpf-uubh

vulnerability	VCID-yw62-qbkq-9ygq

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.4

url pkg:gem/rack@1.5.0.beta.1

purl pkg:gem/rack@1.5.0.beta.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-cpn8-w7h1

vulnerability	VCID-3ycr-9smk-uqdc

vulnerability	VCID-47ja-djzb-2bbw

vulnerability	VCID-7p12-ejdu-uqgy

vulnerability	VCID-7wvj-9h3p-23am

vulnerability	VCID-7zgg-tvu3-r7gt

vulnerability	VCID-8zkw-y3yd-yuft

vulnerability	VCID-9rpp-9xss-duf6

vulnerability	VCID-9uh8-upzm-7bgd

vulnerability	VCID-arac-j5h5-zkcu

vulnerability	VCID-azu5-jcmd-3ufx

vulnerability	VCID-c21j-snf1-d3cb

vulnerability	VCID-c5sc-7qnn-mkb9

vulnerability	VCID-d58r-22kr-9bct

vulnerability	VCID-fpg2-nhey-rkcc

vulnerability	VCID-gdhf-e8q1-kbat

vulnerability	VCID-gtzk-m9rm-57hw

vulnerability	VCID-npag-sz7d-v7b6

vulnerability	VCID-qt1u-2p37-xfet

vulnerability	VCID-s971-gkdg-jkhc

vulnerability	VCID-skxv-7he3-xqgc

vulnerability	VCID-udc4-7jnt-y3fu

vulnerability	VCID-vkrw-y1j6-6fe7

vulnerability	VCID-w732-52bx-2qf8

vulnerability	VCID-wt7k-s1yd-nke6

vulnerability	VCID-xazq-qrm1-9ff6

vulnerability	VCID-xkah-9nv9-wufd

vulnerability	VCID-xnz5-gv2x-17bk

vulnerability	VCID-y12d-fjpf-uubh

vulnerability	VCID-yw62-qbkq-9ygq

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.0.beta.1

aliases CVE-2013-0184, GHSA-v882-ccj6-jc48, OSV-89327

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9uh8-upzm-7bgd

url VCID-ge4d-a8z8-m3c6

vulnerability_id VCID-ge4d-a8z8-m3c6

summary

Hash Collision Form Parameter Parsing Remote DoS
This package contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.

references

reference_url	http://osvdb.org/show/osvdb/78121
reference_id
reference_type
scores
url	http://osvdb.org/show/osvdb/78121

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5036.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5036.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-5036

reference_id

reference_type

scores

value	0.01278
scoring_system	epss
scoring_elements	0.79524
published_at	2026-04-07T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79622
published_at	2026-04-24T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.7959
published_at	2026-04-21T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79585
published_at	2026-04-18T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79587
published_at	2026-04-16T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79552
published_at	2026-04-08T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79557
published_at	2026-04-13T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79565
published_at	2026-04-12T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79581
published_at	2026-04-11T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79508
published_at	2026-04-01T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79515
published_at	2026-04-02T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79559
published_at	2026-04-09T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79537
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-5036

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5036
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5036

reference_url

https://gist.github.com/52bbc6b9cc19ce330829

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gist.github.com/52bbc6b9cc19ce330829

reference_url	https://github.com/rack/rack/commit/09c5e53f11a491c25bef873ed146842f3cd03228
reference_id
reference_type
scores
url	https://github.com/rack/rack/commit/09c5e53f11a491c25bef873ed146842f3cd03228

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2011-5036.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2011-5036.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-5036

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-5036

reference_url

https://web.archive.org/web/20120201040317/http://jruby.org/2011/12/27/jruby-1-6-5-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120201040317/http://jruby.org/2011/12/27/jruby-1-6-5-1

reference_url

https://web.archive.org/web/20130213132312/http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130213132312/http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.kb.cert.org/vuls/id/903934

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.kb.cert.org/vuls/id/903934

reference_url

http://www.nruns.com/_downloads/advisory28122011.pdf

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.nruns.com/_downloads/advisory28122011.pdf

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653963
reference_id	653963
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653963

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=771149
reference_id	771149
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=771149

reference_url

http://www.ocert.org/advisories/ocert-2011-003.html

reference_id

CVE-2011-4885;OSVDB-78115

reference_type

exploit

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.ocert.org/advisories/ocert-2011-003.html

reference_url

https://github.com/advisories/GHSA-v6j3-7jrw-hq2p

reference_id

GHSA-v6j3-7jrw-hq2p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v6j3-7jrw-hq2p

reference_url	https://security.gentoo.org/glsa/201203-05
reference_id	GLSA-201203-05
reference_type
scores
url	https://security.gentoo.org/glsa/201203-05

fixed_packages

url pkg:gem/rack@1.3.6

purl pkg:gem/rack@1.3.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-cpn8-w7h1

vulnerability	VCID-3ycr-9smk-uqdc

vulnerability	VCID-47ja-djzb-2bbw

vulnerability	VCID-7p12-ejdu-uqgy

vulnerability	VCID-7wvj-9h3p-23am

vulnerability	VCID-7zgg-tvu3-r7gt

vulnerability	VCID-8zkw-y3yd-yuft

vulnerability	VCID-91xe-ev7t-akb9

vulnerability	VCID-9rpp-9xss-duf6

vulnerability	VCID-9uh8-upzm-7bgd

vulnerability	VCID-arac-j5h5-zkcu

vulnerability	VCID-azu5-jcmd-3ufx

vulnerability	VCID-c21j-snf1-d3cb

vulnerability	VCID-c5sc-7qnn-mkb9

vulnerability	VCID-d58r-22kr-9bct

vulnerability	VCID-fpg2-nhey-rkcc

vulnerability	VCID-gdhf-e8q1-kbat

vulnerability	VCID-gtzk-m9rm-57hw

vulnerability	VCID-jxws-ws21-4uaa

vulnerability	VCID-npag-sz7d-v7b6

vulnerability	VCID-qt1u-2p37-xfet

vulnerability	VCID-s971-gkdg-jkhc

vulnerability	VCID-skxv-7he3-xqgc

vulnerability	VCID-teq8-nqhf-xbbq

vulnerability	VCID-udc4-7jnt-y3fu

vulnerability	VCID-vkrw-y1j6-6fe7

vulnerability	VCID-w732-52bx-2qf8

vulnerability	VCID-wt7k-s1yd-nke6

vulnerability	VCID-xazq-qrm1-9ff6

vulnerability	VCID-xkah-9nv9-wufd

vulnerability	VCID-xnz5-gv2x-17bk

vulnerability	VCID-y12d-fjpf-uubh

vulnerability	VCID-yw62-qbkq-9ygq

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.6

url pkg:gem/rack@1.4.0

purl pkg:gem/rack@1.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-cpn8-w7h1

vulnerability	VCID-3ycr-9smk-uqdc

vulnerability	VCID-47ja-djzb-2bbw

vulnerability	VCID-7p12-ejdu-uqgy

vulnerability	VCID-7wvj-9h3p-23am

vulnerability	VCID-7zgg-tvu3-r7gt

vulnerability	VCID-8zkw-y3yd-yuft

vulnerability	VCID-91xe-ev7t-akb9

vulnerability	VCID-9rpp-9xss-duf6

vulnerability	VCID-9uh8-upzm-7bgd

vulnerability	VCID-arac-j5h5-zkcu

vulnerability	VCID-azu5-jcmd-3ufx

vulnerability	VCID-c21j-snf1-d3cb

vulnerability	VCID-c5sc-7qnn-mkb9

vulnerability	VCID-d58r-22kr-9bct

vulnerability	VCID-fpg2-nhey-rkcc

vulnerability	VCID-gdhf-e8q1-kbat

vulnerability	VCID-gtzk-m9rm-57hw

vulnerability	VCID-jxws-ws21-4uaa

vulnerability	VCID-npag-sz7d-v7b6

vulnerability	VCID-qt1u-2p37-xfet

vulnerability	VCID-s971-gkdg-jkhc

vulnerability	VCID-skxv-7he3-xqgc

vulnerability	VCID-teq8-nqhf-xbbq

vulnerability	VCID-udc4-7jnt-y3fu

vulnerability	VCID-vkrw-y1j6-6fe7

vulnerability	VCID-w732-52bx-2qf8

vulnerability	VCID-wt7k-s1yd-nke6

vulnerability	VCID-xazq-qrm1-9ff6

vulnerability	VCID-xkah-9nv9-wufd

vulnerability	VCID-xnz5-gv2x-17bk

vulnerability	VCID-y12d-fjpf-uubh

vulnerability	VCID-yw62-qbkq-9ygq

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.0

aliases CVE-2011-5036, GHSA-v6j3-7jrw-hq2p, OSV-78121

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ge4d-a8z8-m3c6

url VCID-y12d-fjpf-uubh

vulnerability_id VCID-y12d-fjpf-uubh

summary

Timing attack against Rack::Session::Cookie
Affected versions allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving am HMAC comparison function that does not run in constant time.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

reference_url	http://rack.github.com/
reference_id
reference_type
scores
url	http://rack.github.com/

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0686.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0686.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0263.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0263.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0263

reference_id

reference_type

scores

value	0.08626
scoring_system	epss
scoring_elements	0.92413
published_at	2026-04-04T12:55:00Z

value	0.08626
scoring_system	epss
scoring_elements	0.92428
published_at	2026-04-08T12:55:00Z

value	0.08626
scoring_system	epss
scoring_elements	0.92416
published_at	2026-04-07T12:55:00Z

value	0.08626
scoring_system	epss
scoring_elements	0.92398
published_at	2026-04-01T12:55:00Z

value	0.08626
scoring_system	epss
scoring_elements	0.92405
published_at	2026-04-02T12:55:00Z

value	0.08626
scoring_system	epss
scoring_elements	0.92449
published_at	2026-04-18T12:55:00Z

value	0.08626
scoring_system	epss
scoring_elements	0.9245
published_at	2026-04-16T12:55:00Z

value	0.08626
scoring_system	epss
scoring_elements	0.92439
published_at	2026-04-13T12:55:00Z

value	0.08626
scoring_system	epss
scoring_elements	0.92441
published_at	2026-04-12T12:55:00Z

value	0.08626
scoring_system	epss
scoring_elements	0.92438
published_at	2026-04-11T12:55:00Z

value	0.08626
scoring_system	epss
scoring_elements	0.92432
published_at	2026-04-09T12:55:00Z

value	0.16071
scoring_system	epss
scoring_elements	0.94802
published_at	2026-04-24T12:55:00Z

value	0.16071
scoring_system	epss
scoring_elements	0.94801
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0263

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=909071

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=909071

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0263
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0263

reference_url	http://secunia.com/advisories/52033
reference_id
reference_type
scores
url	http://secunia.com/advisories/52033

reference_url	http://secunia.com/advisories/52134
reference_id
reference_type
scores
url	http://secunia.com/advisories/52134

reference_url	http://secunia.com/advisories/52774
reference_id
reference_type
scores
url	http://secunia.com/advisories/52774

reference_url

https://gist.github.com/codahale/f9f3781f7b54985bee94

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gist.github.com/codahale/f9f3781f7b54985bee94

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07

reference_url

https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11

reference_url

https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J

reference_url	https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ

reference_url	https://groups.google.com/forum/#%21msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ

reference_url	https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ

reference_url	https://groups.google.com/forum/#%21msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ

reference_url

https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ

reference_url

https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ

reference_url

https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ

reference_url

https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0263

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0263

reference_url	https://puppet.com/security/cve/cve-2013-0263
reference_id
reference_type
scores
url	https://puppet.com/security/cve/cve-2013-0263

reference_url	https://twitter.com/coda/statuses/299732877745197056
reference_id
reference_type
scores
url	https://twitter.com/coda/statuses/299732877745197056

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url