Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/rack-protection@1.5.2

Type gem

Namespace

Name rack-protection

Version 1.5.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.5.5

Latest_non_vulnerable_version 1.5.5

Affected_by_vulnerabilities

url VCID-nwqq-fdtk-dudg

vulnerability_id VCID-nwqq-fdtk-dudg

summary

Path traversal on Windows
Path traversal is possible via backslash characters on Windows. An attacker could access arbitrary files and directories stored on the file system.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7212.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7212.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7212

reference_id

reference_type

scores

value	0.00278
scoring_system	epss
scoring_elements	0.5132
published_at	2026-04-18T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51175
published_at	2026-04-01T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51228
published_at	2026-04-02T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51254
published_at	2026-04-04T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51212
published_at	2026-04-07T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51268
published_at	2026-04-08T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51264
published_at	2026-04-09T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51308
published_at	2026-04-11T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51287
published_at	2026-04-12T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51273
published_at	2026-04-13T12:55:00Z

value	0.00278
scoring_system	epss
scoring_elements	0.51313
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7212

reference_url	https://github.com/sinatra/rack-protection/pull/120
reference_id
reference_type
scores
url	https://github.com/sinatra/rack-protection/pull/120

reference_url	https://github.com/sinatra/rack-protection/pull/120/commits/4239c2f189a73dfc93e957fc97adcbcbc0ed31c6
reference_id
reference_type
scores
url	https://github.com/sinatra/rack-protection/pull/120/commits/4239c2f189a73dfc93e957fc97adcbcbc0ed31c6

reference_url

https://github.com/sinatra/sinatra

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra

reference_url

https://github.com/sinatra/sinatra/commit/6ad721abcfe36334108dcdd05d046c361e1b7a9c

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra/commit/6ad721abcfe36334108dcdd05d046c361e1b7a9c

reference_url	https://github.com/sinatra/sinatra/commit/d17aa95f5056c52daf5d7c3170fbfd831dc96381
reference_id
reference_type
scores
url	https://github.com/sinatra/sinatra/commit/d17aa95f5056c52daf5d7c3170fbfd831dc96381

reference_url

https://github.com/sinatra/sinatra/pull/1379

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra/pull/1379

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1802282
reference_id	1802282
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1802282

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-7212

reference_id

CVE-2018-7212

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-7212

reference_url

https://github.com/advisories/GHSA-h29f-7f56-j8wh

reference_id

GHSA-h29f-7f56-j8wh

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h29f-7f56-j8wh

fixed_packages

url pkg:gem/rack-protection@2.0.1

purl pkg:gem/rack-protection@2.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nwqq-fdtk-dudg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack-protection@2.0.1

aliases CVE-2018-7212, GHSA-h29f-7f56-j8wh

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nwqq-fdtk-dudg

url VCID-q4x5-bxn7-5yht

vulnerability_id VCID-q4x5-bxn7-5yht

summary

Timing attack vulnerability
Sinatra rack-protection contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:1060

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1060

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000119.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000119.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000119

reference_id

reference_type

scores

value	0.00427
scoring_system	epss
scoring_elements	0.624
published_at	2026-04-09T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62383
published_at	2026-04-08T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62333
published_at	2026-04-07T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62367
published_at	2026-04-04T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62337
published_at	2026-04-02T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62279
published_at	2026-04-01T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62409
published_at	2026-04-12T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62419
published_at	2026-04-11T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62575
published_at	2026-04-18T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62528
published_at	2026-04-13T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62569
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000119

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000119
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000119

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-protection/CVE-2018-1000119.yml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-protection/CVE-2018-1000119.yml

reference_url

https://github.com/sinatra/rack-protection

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/rack-protection

reference_url

https://github.com/sinatra/rack-protection/pull/98

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/rack-protection/pull/98

reference_url

https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109

reference_url

https://www.debian.org/security/2018/dsa-4247

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4247

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1534027
reference_id	1534027
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1534027

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000119

reference_id

CVE-2018-1000119

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000119

reference_url

https://github.com/advisories/GHSA-688c-3x49-6rqj

reference_id

GHSA-688c-3x49-6rqj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-688c-3x49-6rqj

reference_url	https://access.redhat.com/errata/RHSA-2020:4366
reference_id	RHSA-2020:4366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4366

reference_url	https://access.redhat.com/errata/RHSA-2021:1313
reference_id	RHSA-2021:1313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1313

fixed_packages

url	pkg:gem/rack-protection@1.5.5
purl	pkg:gem/rack-protection@1.5.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/rack-protection@1.5.5

url pkg:gem/rack-protection@2.0.0

purl pkg:gem/rack-protection@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nwqq-fdtk-dudg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack-protection@2.0.0

aliases CVE-2018-1000119, GHSA-688c-3x49-6rqj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q4x5-bxn7-5yht

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack-protection@1.5.2

Package Instance