Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/rack@2.0.9.4
Typegem
Namespace
Namerack
Version2.0.9.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.2.23
Latest_non_vulnerable_version3.2.6
Affected_by_vulnerabilities
0
url VCID-1nzv-zger-fka9
vulnerability_id VCID-1nzv-zger-fka9
summary 
Rack has possible DoS Vulnerability with Range Header
# Possible DoS Vulnerability with Range Header in Rack

There is a possible DoS vulnerability relating to the Range request header in
Rack.  This vulnerability has been assigned the CVE identifier CVE-2024-26141.

Versions Affected:  >= 1.3.0.
Not affected:       < 1.3.0
Fixed Versions:     3.0.9.1, 2.2.8.1

Impact
------
Carefully crafted Range headers can cause a server to respond with an
unexpectedly large response. Responding with such large responses could lead
to a denial of service issue.

Vulnerable applications will use the `Rack::File` middleware or the
`Rack::Utils.byte_ranges` methods (this includes Rails applications).

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
There are no feasible workarounds for this issue.

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

* 3-0-range.patch - Patch for 3.0 series
* 2-2-range.patch - Patch for 2.2 series

Credits
-------

Thank you [ooooooo_q](https://hackerone.com/ooooooo_q) for the report and
patch
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26141.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26141.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26141
reference_id
reference_type
scores
0
value 0.0041
scoring_system epss
scoring_elements 0.61607
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26141
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146
5
reference_url https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/
url https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
8
reference_url https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/
url https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9
9
reference_url https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/
url https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b
10
reference_url https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/
url https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26141
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26141
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516
reference_id 1064516
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2265594
reference_id 2265594
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2265594
15
reference_url https://github.com/advisories/GHSA-xj5v-6v4g-jfw6
reference_id GHSA-xj5v-6v4g-jfw6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xj5v-6v4g-jfw6
16
reference_url https://security.netapp.com/advisory/ntap-20240510-0007/
reference_id ntap-20240510-0007
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/
url https://security.netapp.com/advisory/ntap-20240510-0007/
17
reference_url https://access.redhat.com/errata/RHSA-2024:10806
reference_id RHSA-2024:10806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10806
18
reference_url https://access.redhat.com/errata/RHSA-2024:1841
reference_id RHSA-2024:1841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1841
19
reference_url https://access.redhat.com/errata/RHSA-2024:1846
reference_id RHSA-2024:1846
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1846
20
reference_url https://access.redhat.com/errata/RHSA-2024:2007
reference_id RHSA-2024:2007
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2007
21
reference_url https://access.redhat.com/errata/RHSA-2024:2113
reference_id RHSA-2024:2113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2113
22
reference_url https://access.redhat.com/errata/RHSA-2024:2581
reference_id RHSA-2024:2581
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2581
23
reference_url https://access.redhat.com/errata/RHSA-2024:2584
reference_id RHSA-2024:2584
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2584
24
reference_url https://access.redhat.com/errata/RHSA-2024:2953
reference_id RHSA-2024:2953
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2953
25
reference_url https://access.redhat.com/errata/RHSA-2024:3431
reference_id RHSA-2024:3431
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3431
26
reference_url https://usn.ubuntu.com/6689-1/
reference_id USN-6689-1
reference_type
scores
url https://usn.ubuntu.com/6689-1/
27
reference_url https://usn.ubuntu.com/6837-1/
reference_id USN-6837-1
reference_type
scores
url https://usn.ubuntu.com/6837-1/
28
reference_url https://usn.ubuntu.com/6837-2/
reference_id USN-6837-2
reference_type
scores
url https://usn.ubuntu.com/6837-2/
29
reference_url https://usn.ubuntu.com/7036-1/
reference_id USN-7036-1
reference_type
scores
url https://usn.ubuntu.com/7036-1/
fixed_packages
0
url pkg:gem/rack@2.2.8.1
purl pkg:gem/rack@2.2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-87hv-57m8-4qey
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dzhg-3hy9-w3gv
13
vulnerability VCID-f6u2-fhux-43f3
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-juuh-9psh-yyar
16
vulnerability VCID-k4w7-sm5v-yqgb
17
vulnerability VCID-mftr-ma4j-mbhy
18
vulnerability VCID-nqds-u1fk-y7ch
19
vulnerability VCID-rvwc-cy1n-yffg
20
vulnerability VCID-tjh9-vfdw-7yen
21
vulnerability VCID-v2nc-35z6-2kf6
22
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.8.1
1
url pkg:gem/rack@3.0.9.1
purl pkg:gem/rack@3.0.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-f6u2-fhux-43f3
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-mftr-ma4j-mbhy
16
vulnerability VCID-nqds-u1fk-y7ch
17
vulnerability VCID-rvwc-cy1n-yffg
18
vulnerability VCID-tzca-xm43-xugs
19
vulnerability VCID-v2nc-35z6-2kf6
20
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1
aliases CVE-2024-26141, GHSA-xj5v-6v4g-jfw6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1nzv-zger-fka9
1
url VCID-1pt2-23bn-7qev
vulnerability_id VCID-1pt2-23bn-7qev
summary rack: Rack: HTTP response desynchronization via incorrect Content-Length calculation with UTF-8 characters
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34831.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34831.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34831
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12991
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34831
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34831
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-q2ww-5357-x388
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:43:52Z/
url https://github.com/rack/rack/security/advisories/GHSA-q2ww-5357-x388
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34831.yml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34831.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34831
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34831
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454504
reference_id 2454504
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454504
9
reference_url https://github.com/advisories/GHSA-q2ww-5357-x388
reference_id GHSA-q2ww-5357-x388
reference_type
scores
url https://github.com/advisories/GHSA-q2ww-5357-x388
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34831, GHSA-q2ww-5357-x388
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1pt2-23bn-7qev
2
url VCID-21pz-m7dy-8bey
vulnerability_id VCID-21pz-m7dy-8bey
summary github.com/rack/rack: Rack: Content smuggling via multipart boundary parsing mismatch
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26961.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26961.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26961
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02889
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26961
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26961
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26961
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-vgpv-f759-9wx3
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements
1
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:57:50Z/
url https://github.com/rack/rack/security/advisories/GHSA-vgpv-f759-9wx3
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-26961.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-26961.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26961
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26961
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454483
reference_id 2454483
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454483
9
reference_url https://github.com/advisories/GHSA-vgpv-f759-9wx3
reference_id GHSA-vgpv-f759-9wx3
reference_type
scores
url https://github.com/advisories/GHSA-vgpv-f759-9wx3
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-26961, GHSA-vgpv-f759-9wx3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-21pz-m7dy-8bey
3
url VCID-2zdv-mr4w-zkfg
vulnerability_id VCID-2zdv-mr4w-zkfg
summary rubygem-rack: Improper handling of headers in `Rack::Sendfile` may allow proxy bypass
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61780
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01466
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61780
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61780
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61780
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/
url https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784
6
reference_url https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/
url https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a
7
reference_url https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/
url https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements
1
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/
url https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61780
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61780
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855
reference_id 1117855
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403126
reference_id 2403126
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403126
13
reference_url https://github.com/advisories/GHSA-r657-rxjc-j557
reference_id GHSA-r657-rxjc-j557
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r657-rxjc-j557
14
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:gem/rack@2.2.20
purl pkg:gem/rack@2.2.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5pry-5agj-tygz
4
vulnerability VCID-6hht-91zy-fqdf
5
vulnerability VCID-6t6w-vvzt-fqd9
6
vulnerability VCID-7pey-8xge-1fbz
7
vulnerability VCID-8rbg-wrmj-1bcu
8
vulnerability VCID-j3e9-y38h-xbbu
9
vulnerability VCID-mftr-ma4j-mbhy
10
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.20
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
2
url pkg:gem/rack@3.1.18
purl pkg:gem/rack@3.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8rbg-wrmj-1bcu
9
vulnerability VCID-dchf-rhvg-zycw
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-tzca-xm43-xugs
13
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.18
3
url pkg:gem/rack@3.2.3
purl pkg:gem/rack@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8rbg-wrmj-1bcu
9
vulnerability VCID-dchf-rhvg-zycw
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-tzca-xm43-xugs
13
vulnerability VCID-vch5-2deq-euaq
14
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.3
aliases CVE-2025-61780, GHSA-r657-rxjc-j557
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2zdv-mr4w-zkfg
4
url VCID-4umy-say3-ruad
vulnerability_id VCID-4umy-say3-ruad
summary rubygem-rack: Rack stored XSS in Rack::Directory
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25500.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25500.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25500
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07554
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25500
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25500
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25500
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:42:04Z/
url https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff
6
reference_url https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:42:04Z/
url https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25500
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25500
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128480
reference_id 1128480
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128480
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440738
reference_id 2440738
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2440738
11
reference_url https://github.com/advisories/GHSA-whrj-4476-wvmp
reference_id GHSA-whrj-4476-wvmp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-whrj-4476-wvmp
12
reference_url https://usn.ubuntu.com/8066-1/
reference_id USN-8066-1
reference_type
scores
url https://usn.ubuntu.com/8066-1/
fixed_packages
0
url pkg:gem/rack@2.2.22
purl pkg:gem/rack@2.2.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-6hht-91zy-fqdf
3
vulnerability VCID-6t6w-vvzt-fqd9
4
vulnerability VCID-7pey-8xge-1fbz
5
vulnerability VCID-8rbg-wrmj-1bcu
6
vulnerability VCID-j3e9-y38h-xbbu
7
vulnerability VCID-mftr-ma4j-mbhy
8
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.22
1
url pkg:gem/rack@3.1.20
purl pkg:gem/rack@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-6hht-91zy-fqdf
4
vulnerability VCID-6t6w-vvzt-fqd9
5
vulnerability VCID-7pey-8xge-1fbz
6
vulnerability VCID-8rbg-wrmj-1bcu
7
vulnerability VCID-dchf-rhvg-zycw
8
vulnerability VCID-j3e9-y38h-xbbu
9
vulnerability VCID-mftr-ma4j-mbhy
10
vulnerability VCID-tzca-xm43-xugs
11
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.20
2
url pkg:gem/rack@3.2.5
purl pkg:gem/rack@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-6hht-91zy-fqdf
4
vulnerability VCID-6t6w-vvzt-fqd9
5
vulnerability VCID-7pey-8xge-1fbz
6
vulnerability VCID-8rbg-wrmj-1bcu
7
vulnerability VCID-dchf-rhvg-zycw
8
vulnerability VCID-j3e9-y38h-xbbu
9
vulnerability VCID-mftr-ma4j-mbhy
10
vulnerability VCID-tzca-xm43-xugs
11
vulnerability VCID-vch5-2deq-euaq
12
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.5
aliases CVE-2026-25500, GHSA-whrj-4476-wvmp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4umy-say3-ruad
5
url VCID-5pry-5agj-tygz
vulnerability_id VCID-5pry-5agj-tygz
summary rubygem-rack: Rack Directory Traversal via Rack:Directory
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22860.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22860.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22860
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31135
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22860
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22860
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22860
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:27:31Z/
url https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7
6
reference_url https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:27:31Z/
url https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22860
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22860
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128479
reference_id 1128479
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128479
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440737
reference_id 2440737
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2440737
11
reference_url https://github.com/advisories/GHSA-mxw3-3hh2-x2mh
reference_id GHSA-mxw3-3hh2-x2mh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mxw3-3hh2-x2mh
12
reference_url https://usn.ubuntu.com/8066-1/
reference_id USN-8066-1
reference_type
scores
url https://usn.ubuntu.com/8066-1/
fixed_packages
0
url pkg:gem/rack@2.2.22
purl pkg:gem/rack@2.2.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-6hht-91zy-fqdf
3
vulnerability VCID-6t6w-vvzt-fqd9
4
vulnerability VCID-7pey-8xge-1fbz
5
vulnerability VCID-8rbg-wrmj-1bcu
6
vulnerability VCID-j3e9-y38h-xbbu
7
vulnerability VCID-mftr-ma4j-mbhy
8
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.22
1
url pkg:gem/rack@3.1.20
purl pkg:gem/rack@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-6hht-91zy-fqdf
4
vulnerability VCID-6t6w-vvzt-fqd9
5
vulnerability VCID-7pey-8xge-1fbz
6
vulnerability VCID-8rbg-wrmj-1bcu
7
vulnerability VCID-dchf-rhvg-zycw
8
vulnerability VCID-j3e9-y38h-xbbu
9
vulnerability VCID-mftr-ma4j-mbhy
10
vulnerability VCID-tzca-xm43-xugs
11
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.20
2
url pkg:gem/rack@3.2.5
purl pkg:gem/rack@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-6hht-91zy-fqdf
4
vulnerability VCID-6t6w-vvzt-fqd9
5
vulnerability VCID-7pey-8xge-1fbz
6
vulnerability VCID-8rbg-wrmj-1bcu
7
vulnerability VCID-dchf-rhvg-zycw
8
vulnerability VCID-j3e9-y38h-xbbu
9
vulnerability VCID-mftr-ma4j-mbhy
10
vulnerability VCID-tzca-xm43-xugs
11
vulnerability VCID-vch5-2deq-euaq
12
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.5
aliases CVE-2026-22860, GHSA-mxw3-3hh2-x2mh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5pry-5agj-tygz
6
url VCID-6hht-91zy-fqdf
vulnerability_id VCID-6hht-91zy-fqdf
summary rack: Rack: Denial of Service via crafted Accept-Encoding header
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34230.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34230.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34230
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06608
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34230
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34230
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34230
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:56:03Z/
url https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34230.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34230.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34230
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34230
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454493
reference_id 2454493
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454493
9
reference_url https://github.com/advisories/GHSA-v569-hp3g-36wr
reference_id GHSA-v569-hp3g-36wr
reference_type
scores
url https://github.com/advisories/GHSA-v569-hp3g-36wr
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34230, GHSA-v569-hp3g-36wr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6hht-91zy-fqdf
7
url VCID-6t6w-vvzt-fqd9
vulnerability_id VCID-6t6w-vvzt-fqd9
summary github.com/rack/rack: Rack: Information disclosure via incorrect static file serving prefix check
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34785
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14816
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34785
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34785
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34785
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:58:57Z/
url https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34785.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34785.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34785
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34785
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454486
reference_id 2454486
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454486
9
reference_url https://github.com/advisories/GHSA-h2jq-g4cq-5ppq
reference_id GHSA-h2jq-g4cq-5ppq
reference_type
scores
url https://github.com/advisories/GHSA-h2jq-g4cq-5ppq
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34785, GHSA-h2jq-g4cq-5ppq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6t6w-vvzt-fqd9
8
url VCID-7pey-8xge-1fbz
vulnerability_id VCID-7pey-8xge-1fbz
summary rack: Rack: Denial of Service via unbounded multipart file upload
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34829
reference_id
reference_type
scores
0
value 0.00065
scoring_system epss
scoring_elements 0.20368
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34829
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34829
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34829
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:41:27Z/
url https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34829.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34829.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34829
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34829
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454488
reference_id 2454488
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454488
9
reference_url https://github.com/advisories/GHSA-8vqr-qjwx-82mw
reference_id GHSA-8vqr-qjwx-82mw
reference_type
scores
url https://github.com/advisories/GHSA-8vqr-qjwx-82mw
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34829, GHSA-8vqr-qjwx-82mw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7pey-8xge-1fbz
9
url VCID-87hv-57m8-4qey
vulnerability_id VCID-87hv-57m8-4qey
summary rack: rubygem-rack: Local File Inclusion in Rack::Static
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27610.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27610.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27610
reference_id
reference_type
scores
0
value 0.01854
scoring_system epss
scoring_elements 0.83334
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27610
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27610
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27610
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:22:45Z/
url https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583
6
reference_url https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:22:45Z/
url https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27610.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27610.yml
8
reference_url https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27610
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27610
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100444
reference_id 1100444
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100444
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2351231
reference_id 2351231
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2351231
12
reference_url https://github.com/advisories/GHSA-7wqh-767x-r66v
reference_id GHSA-7wqh-767x-r66v
reference_type
scores
url https://github.com/advisories/GHSA-7wqh-767x-r66v
13
reference_url https://access.redhat.com/errata/RHSA-2025:3448
reference_id RHSA-2025:3448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3448
14
reference_url https://access.redhat.com/errata/RHSA-2025:3490
reference_id RHSA-2025:3490
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3490
15
reference_url https://access.redhat.com/errata/RHSA-2025:3491
reference_id RHSA-2025:3491
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3491
16
reference_url https://access.redhat.com/errata/RHSA-2025:3492
reference_id RHSA-2025:3492
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3492
17
reference_url https://access.redhat.com/errata/RHSA-2025:3906
reference_id RHSA-2025:3906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3906
18
reference_url https://access.redhat.com/errata/RHSA-2025:4576
reference_id RHSA-2025:4576
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4576
19
reference_url https://usn.ubuntu.com/7366-1/
reference_id USN-7366-1
reference_type
scores
url https://usn.ubuntu.com/7366-1/
20
reference_url https://usn.ubuntu.com/7366-2/
reference_id USN-7366-2
reference_type
scores
url https://usn.ubuntu.com/7366-2/
fixed_packages
0
url pkg:gem/rack@2.2.13
purl pkg:gem/rack@2.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8kwp-wuv8-gqf8
9
vulnerability VCID-8rbg-wrmj-1bcu
10
vulnerability VCID-9dqs-zbmn-b7e4
11
vulnerability VCID-dzhg-3hy9-w3gv
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-juuh-9psh-yyar
14
vulnerability VCID-k4w7-sm5v-yqgb
15
vulnerability VCID-mftr-ma4j-mbhy
16
vulnerability VCID-nqds-u1fk-y7ch
17
vulnerability VCID-tjh9-vfdw-7yen
18
vulnerability VCID-v2nc-35z6-2kf6
19
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.13
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
2
url pkg:gem/rack@3.0.14
purl pkg:gem/rack@3.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-nqds-u1fk-y7ch
15
vulnerability VCID-tzca-xm43-xugs
16
vulnerability VCID-v2nc-35z6-2kf6
17
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.14
3
url pkg:gem/rack@3.1.12
purl pkg:gem/rack@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-dzhg-3hy9-w3gv
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-juuh-9psh-yyar
16
vulnerability VCID-mftr-ma4j-mbhy
17
vulnerability VCID-nqds-u1fk-y7ch
18
vulnerability VCID-tzca-xm43-xugs
19
vulnerability VCID-v2nc-35z6-2kf6
20
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.12
aliases CVE-2025-27610, GHSA-7wqh-767x-r66v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-87hv-57m8-4qey
10
url VCID-8kwp-wuv8-gqf8
vulnerability_id VCID-8kwp-wuv8-gqf8
summary rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61919
reference_id
reference_type
scores
0
value 0.00282
scoring_system epss
scoring_elements 0.51764
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61919
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/
url https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881
6
reference_url https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/
url https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db
7
reference_url https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/
url https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/
url https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61919
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61919
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856
reference_id 1117856
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403180
reference_id 2403180
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403180
13
reference_url https://github.com/advisories/GHSA-6xw4-3v39-52mm
reference_id GHSA-6xw4-3v39-52mm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xw4-3v39-52mm
14
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
15
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
16
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
17
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
18
reference_url https://access.redhat.com/errata/RHSA-2025:19733
reference_id RHSA-2025:19733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19733
19
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
20
reference_url https://access.redhat.com/errata/RHSA-2025:19736
reference_id RHSA-2025:19736
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19736
21
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
22
reference_url https://access.redhat.com/errata/RHSA-2025:19832
reference_id RHSA-2025:19832
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19832
23
reference_url https://access.redhat.com/errata/RHSA-2025:19855
reference_id RHSA-2025:19855
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19855
24
reference_url https://access.redhat.com/errata/RHSA-2025:19856
reference_id RHSA-2025:19856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19856
25
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
26
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
27
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
28
reference_url https://access.redhat.com/errata/RHSA-2025:21696
reference_id RHSA-2025:21696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21696
29
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:gem/rack@2.2.20
purl pkg:gem/rack@2.2.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5pry-5agj-tygz
4
vulnerability VCID-6hht-91zy-fqdf
5
vulnerability VCID-6t6w-vvzt-fqd9
6
vulnerability VCID-7pey-8xge-1fbz
7
vulnerability VCID-8rbg-wrmj-1bcu
8
vulnerability VCID-j3e9-y38h-xbbu
9
vulnerability VCID-mftr-ma4j-mbhy
10
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.20
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
2
url pkg:gem/rack@3.1.18
purl pkg:gem/rack@3.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8rbg-wrmj-1bcu
9
vulnerability VCID-dchf-rhvg-zycw
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-tzca-xm43-xugs
13
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.18
3
url pkg:gem/rack@3.2.3
purl pkg:gem/rack@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8rbg-wrmj-1bcu
9
vulnerability VCID-dchf-rhvg-zycw
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-tzca-xm43-xugs
13
vulnerability VCID-vch5-2deq-euaq
14
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.3
aliases CVE-2025-61919, GHSA-6xw4-3v39-52mm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8kwp-wuv8-gqf8
11
url VCID-8rbg-wrmj-1bcu
vulnerability_id VCID-8rbg-wrmj-1bcu
summary rack: Rack: Information disclosure via regular expression injection in X-Accel-Mapping header
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34830
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14816
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34830
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34830
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34830
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:59:36Z/
url https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34830.yml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34830.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34830
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34830
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454510
reference_id 2454510
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454510
9
reference_url https://github.com/advisories/GHSA-qv7j-4883-hwh7
reference_id GHSA-qv7j-4883-hwh7
reference_type
scores
url https://github.com/advisories/GHSA-qv7j-4883-hwh7
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34830, GHSA-qv7j-4883-hwh7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8rbg-wrmj-1bcu
12
url VCID-9dqs-zbmn-b7e4
vulnerability_id VCID-9dqs-zbmn-b7e4
summary rack: Rack memory exhaustion denial of service
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61772
reference_id
reference_type
scores
0
value 0.00324
scoring_system epss
scoring_elements 0.55636
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61772
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/
url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
6
reference_url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/
url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
7
reference_url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/
url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/
url https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61772
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61772
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627
reference_id 1117627
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402200
reference_id 2402200
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2402200
13
reference_url https://github.com/advisories/GHSA-wpv5-97wm-hp9c
reference_id GHSA-wpv5-97wm-hp9c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wpv5-97wm-hp9c
14
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
15
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
16
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
17
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
18
reference_url https://access.redhat.com/errata/RHSA-2025:19733
reference_id RHSA-2025:19733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19733
19
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
20
reference_url https://access.redhat.com/errata/RHSA-2025:19736
reference_id RHSA-2025:19736
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19736
21
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
22
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
23
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
24
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
25
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:gem/rack@2.2.19
purl pkg:gem/rack@2.2.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8kwp-wuv8-gqf8
9
vulnerability VCID-8rbg-wrmj-1bcu
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
2
url pkg:gem/rack@3.1.17
purl pkg:gem/rack@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17
3
url pkg:gem/rack@3.2.2
purl pkg:gem/rack@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
16
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2
aliases CVE-2025-61772, GHSA-wpv5-97wm-hp9c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9dqs-zbmn-b7e4
13
url VCID-dzhg-3hy9-w3gv
vulnerability_id VCID-dzhg-3hy9-w3gv
summary rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61771
reference_id
reference_type
scores
0
value 0.00107
scoring_system epss
scoring_elements 0.2864
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61771
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/
url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
6
reference_url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/
url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
7
reference_url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/
url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/
url https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61771
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61771
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628
reference_id 1117628
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402175
reference_id 2402175
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2402175
13
reference_url https://github.com/advisories/GHSA-w9pc-fmgc-vxvw
reference_id GHSA-w9pc-fmgc-vxvw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9pc-fmgc-vxvw
14
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
15
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
16
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
17
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
18
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
19
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
20
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
21
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
22
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
23
reference_url https://access.redhat.com/errata/RHSA-2025:21696
reference_id RHSA-2025:21696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21696
24
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:gem/rack@2.2.19
purl pkg:gem/rack@2.2.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8kwp-wuv8-gqf8
9
vulnerability VCID-8rbg-wrmj-1bcu
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
2
url pkg:gem/rack@3.1.17
purl pkg:gem/rack@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17
3
url pkg:gem/rack@3.2.2
purl pkg:gem/rack@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
16
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2
aliases CVE-2025-61771, GHSA-w9pc-fmgc-vxvw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzhg-3hy9-w3gv
14
url VCID-f6u2-fhux-43f3
vulnerability_id VCID-f6u2-fhux-43f3
summary rack: rubygem-rack: Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27111.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27111.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27111
reference_id
reference_type
scores
0
value 0.00865
scoring_system epss
scoring_elements 0.75428
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27111
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27111
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27111
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/
url https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53
6
reference_url https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/
url https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b
7
reference_url https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/
url https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/
url https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml
10
reference_url https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27111
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27111
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099546
reference_id 1099546
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099546
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2349810
reference_id 2349810
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2349810
14
reference_url https://github.com/advisories/GHSA-8cgq-6mh2-7j6v
reference_id GHSA-8cgq-6mh2-7j6v
reference_type
scores
url https://github.com/advisories/GHSA-8cgq-6mh2-7j6v
15
reference_url https://usn.ubuntu.com/7366-1/
reference_id USN-7366-1
reference_type
scores
url https://usn.ubuntu.com/7366-1/
16
reference_url https://usn.ubuntu.com/7366-2/
reference_id USN-7366-2
reference_type
scores
url https://usn.ubuntu.com/7366-2/
fixed_packages
0
url pkg:gem/rack@2.2.12
purl pkg:gem/rack@2.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-87hv-57m8-4qey
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dzhg-3hy9-w3gv
13
vulnerability VCID-j3e9-y38h-xbbu
14
vulnerability VCID-juuh-9psh-yyar
15
vulnerability VCID-k4w7-sm5v-yqgb
16
vulnerability VCID-mftr-ma4j-mbhy
17
vulnerability VCID-nqds-u1fk-y7ch
18
vulnerability VCID-tjh9-vfdw-7yen
19
vulnerability VCID-v2nc-35z6-2kf6
20
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.12
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
2
url pkg:gem/rack@3.0.13
purl pkg:gem/rack@3.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-j3e9-y38h-xbbu
14
vulnerability VCID-mftr-ma4j-mbhy
15
vulnerability VCID-nqds-u1fk-y7ch
16
vulnerability VCID-tzca-xm43-xugs
17
vulnerability VCID-v2nc-35z6-2kf6
18
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.13
3
url pkg:gem/rack@3.1.11
purl pkg:gem/rack@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-9dqs-zbmn-b7e4
13
vulnerability VCID-dchf-rhvg-zycw
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-j3e9-y38h-xbbu
16
vulnerability VCID-juuh-9psh-yyar
17
vulnerability VCID-mftr-ma4j-mbhy
18
vulnerability VCID-nqds-u1fk-y7ch
19
vulnerability VCID-tzca-xm43-xugs
20
vulnerability VCID-v2nc-35z6-2kf6
21
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.11
aliases CVE-2025-27111, GHSA-8cgq-6mh2-7j6v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f6u2-fhux-43f3
15
url VCID-j3e9-y38h-xbbu
vulnerability_id VCID-j3e9-y38h-xbbu
summary rack: Rack: Security header bypass via URL-encoded static path requests
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34786.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34786.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34786
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13787
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34786
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34786
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-q4qf-9j86-f5mh
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:37:20Z/
url https://github.com/rack/rack/security/advisories/GHSA-q4qf-9j86-f5mh
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34786.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34786.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34786
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34786
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454507
reference_id 2454507
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454507
9
reference_url https://github.com/advisories/GHSA-q4qf-9j86-f5mh
reference_id GHSA-q4qf-9j86-f5mh
reference_type
scores
url https://github.com/advisories/GHSA-q4qf-9j86-f5mh
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34786, GHSA-q4qf-9j86-f5mh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3e9-y38h-xbbu
16
url VCID-juuh-9psh-yyar
vulnerability_id VCID-juuh-9psh-yyar
summary rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61770
reference_id
reference_type
scores
0
value 0.00266
scoring_system epss
scoring_elements 0.5021
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61770
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/
url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
6
reference_url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/
url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
7
reference_url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/
url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/
url https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61770
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61770
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627
reference_id 1117627
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402174
reference_id 2402174
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2402174
13
reference_url https://github.com/advisories/GHSA-p543-xpfm-54cp
reference_id GHSA-p543-xpfm-54cp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p543-xpfm-54cp
14
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
15
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
16
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
17
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
18
reference_url https://access.redhat.com/errata/RHSA-2025:19733
reference_id RHSA-2025:19733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19733
19
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
20
reference_url https://access.redhat.com/errata/RHSA-2025:19736
reference_id RHSA-2025:19736
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19736
21
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
22
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
23
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
24
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
25
reference_url https://access.redhat.com/errata/RHSA-2025:21696
reference_id RHSA-2025:21696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21696
26
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:gem/rack@2.2.19
purl pkg:gem/rack@2.2.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8kwp-wuv8-gqf8
9
vulnerability VCID-8rbg-wrmj-1bcu
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
2
url pkg:gem/rack@3.1.17
purl pkg:gem/rack@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17
3
url pkg:gem/rack@3.2.2
purl pkg:gem/rack@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
16
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2
aliases CVE-2025-61770, GHSA-p543-xpfm-54cp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-juuh-9psh-yyar
17
url VCID-k4w7-sm5v-yqgb
vulnerability_id VCID-k4w7-sm5v-yqgb
summary rack: Rack Session Reuse Vulnerability
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32441.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32441.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32441
reference_id
reference_type
scores
0
value 0.00096
scoring_system epss
scoring_elements 0.2651
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32441
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32441
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32441
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/
url https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270
6
reference_url https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/
url https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d
7
reference_url https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/
url https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g
8
reference_url https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-32441.yml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-32441.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32441
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32441
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2364965
reference_id 2364965
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2364965
12
reference_url https://github.com/advisories/GHSA-vpfw-47h7-xj4g
reference_id GHSA-vpfw-47h7-xj4g
reference_type
scores
url https://github.com/advisories/GHSA-vpfw-47h7-xj4g
13
reference_url https://usn.ubuntu.com/7507-1/
reference_id USN-7507-1
reference_type
scores
url https://usn.ubuntu.com/7507-1/
fixed_packages
0
url pkg:gem/rack@2.2.14
purl pkg:gem/rack@2.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8kwp-wuv8-gqf8
9
vulnerability VCID-8rbg-wrmj-1bcu
10
vulnerability VCID-9dqs-zbmn-b7e4
11
vulnerability VCID-dzhg-3hy9-w3gv
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-juuh-9psh-yyar
14
vulnerability VCID-mftr-ma4j-mbhy
15
vulnerability VCID-tjh9-vfdw-7yen
16
vulnerability VCID-v2nc-35z6-2kf6
17
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.14
aliases CVE-2025-32441, GHSA-vpfw-47h7-xj4g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k4w7-sm5v-yqgb
18
url VCID-mftr-ma4j-mbhy
vulnerability_id VCID-mftr-ma4j-mbhy
summary rack: Rack: Denial of Service via malicious HTTP Range header
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34826.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34826.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34826
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06114
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34826
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34826
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34826
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-x8cg-fq8g-mxfx
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:42:34Z/
url https://github.com/rack/rack/security/advisories/GHSA-x8cg-fq8g-mxfx
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34826.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34826.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34826
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34826
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454508
reference_id 2454508
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454508
9
reference_url https://github.com/advisories/GHSA-x8cg-fq8g-mxfx
reference_id GHSA-x8cg-fq8g-mxfx
reference_type
scores
url https://github.com/advisories/GHSA-x8cg-fq8g-mxfx
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34826, GHSA-x8cg-fq8g-mxfx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mftr-ma4j-mbhy
19
url VCID-nqds-u1fk-y7ch
vulnerability_id VCID-nqds-u1fk-y7ch
summary rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46727
reference_id
reference_type
scores
0
value 0.00808
scoring_system epss
scoring_elements 0.74504
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46727
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712
6
reference_url https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3
7
reference_url https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46727
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46727
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927
reference_id 1104927
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2364966
reference_id 2364966
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2364966
13
reference_url https://github.com/advisories/GHSA-gjh7-p2fx-99vx
reference_id GHSA-gjh7-p2fx-99vx
reference_type
scores
url https://github.com/advisories/GHSA-gjh7-p2fx-99vx
14
reference_url https://access.redhat.com/errata/RHSA-2025:7604
reference_id RHSA-2025:7604
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7604
15
reference_url https://access.redhat.com/errata/RHSA-2025:7605
reference_id RHSA-2025:7605
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7605
16
reference_url https://access.redhat.com/errata/RHSA-2025:8254
reference_id RHSA-2025:8254
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8254
17
reference_url https://access.redhat.com/errata/RHSA-2025:8256
reference_id RHSA-2025:8256
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8256
18
reference_url https://access.redhat.com/errata/RHSA-2025:8279
reference_id RHSA-2025:8279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8279
19
reference_url https://access.redhat.com/errata/RHSA-2025:8288
reference_id RHSA-2025:8288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8288
20
reference_url https://access.redhat.com/errata/RHSA-2025:8289
reference_id RHSA-2025:8289
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8289
21
reference_url https://access.redhat.com/errata/RHSA-2025:8290
reference_id RHSA-2025:8290
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8290
22
reference_url https://access.redhat.com/errata/RHSA-2025:8291
reference_id RHSA-2025:8291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8291
23
reference_url https://access.redhat.com/errata/RHSA-2025:8319
reference_id RHSA-2025:8319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8319
24
reference_url https://access.redhat.com/errata/RHSA-2025:8322
reference_id RHSA-2025:8322
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8322
25
reference_url https://access.redhat.com/errata/RHSA-2025:8323
reference_id RHSA-2025:8323
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8323
26
reference_url https://access.redhat.com/errata/RHSA-2025:9838
reference_id RHSA-2025:9838
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9838
27
reference_url https://usn.ubuntu.com/7507-1/
reference_id USN-7507-1
reference_type
scores
url https://usn.ubuntu.com/7507-1/
fixed_packages
0
url pkg:gem/rack@2.2.14
purl pkg:gem/rack@2.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8kwp-wuv8-gqf8
9
vulnerability VCID-8rbg-wrmj-1bcu
10
vulnerability VCID-9dqs-zbmn-b7e4
11
vulnerability VCID-dzhg-3hy9-w3gv
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-juuh-9psh-yyar
14
vulnerability VCID-mftr-ma4j-mbhy
15
vulnerability VCID-tjh9-vfdw-7yen
16
vulnerability VCID-v2nc-35z6-2kf6
17
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.14
1
url pkg:gem/rack@3.0.16
purl pkg:gem/rack@3.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-v2nc-35z6-2kf6
16
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.16
2
url pkg:gem/rack@3.1.14
purl pkg:gem/rack@3.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-dzhg-3hy9-w3gv
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-juuh-9psh-yyar
16
vulnerability VCID-mftr-ma4j-mbhy
17
vulnerability VCID-tzca-xm43-xugs
18
vulnerability VCID-v2nc-35z6-2kf6
19
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.14
aliases CVE-2025-46727, GHSA-gjh7-p2fx-99vx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nqds-u1fk-y7ch
20
url VCID-rvwc-cy1n-yffg
vulnerability_id VCID-rvwc-cy1n-yffg
summary rubygem-rack: Possible Log Injection in Rack::CommonLogger
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25184.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25184.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-25184
reference_id
reference_type
scores
0
value 0.01345
scoring_system epss
scoring_elements 0.80354
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-25184
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25184
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25184
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:09:07Z/
url https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e
6
reference_url https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:09:07Z/
url https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-25184.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-25184.yml
8
reference_url https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-25184
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-25184
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098257
reference_id 1098257
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098257
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2345301
reference_id 2345301
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2345301
12
reference_url https://github.com/advisories/GHSA-7g2v-jj9q-g3rg
reference_id GHSA-7g2v-jj9q-g3rg
reference_type
scores
url https://github.com/advisories/GHSA-7g2v-jj9q-g3rg
13
reference_url https://access.redhat.com/errata/RHSA-2025:1985
reference_id RHSA-2025:1985
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1985
14
reference_url https://access.redhat.com/errata/RHSA-2025:7085
reference_id RHSA-2025:7085
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7085
15
reference_url https://usn.ubuntu.com/7366-1/
reference_id USN-7366-1
reference_type
scores
url https://usn.ubuntu.com/7366-1/
16
reference_url https://usn.ubuntu.com/7366-2/
reference_id USN-7366-2
reference_type
scores
url https://usn.ubuntu.com/7366-2/
fixed_packages
0
url pkg:gem/rack@2.2.11
purl pkg:gem/rack@2.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-87hv-57m8-4qey
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dzhg-3hy9-w3gv
13
vulnerability VCID-f6u2-fhux-43f3
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-juuh-9psh-yyar
16
vulnerability VCID-k4w7-sm5v-yqgb
17
vulnerability VCID-mftr-ma4j-mbhy
18
vulnerability VCID-nqds-u1fk-y7ch
19
vulnerability VCID-tjh9-vfdw-7yen
20
vulnerability VCID-v2nc-35z6-2kf6
21
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.11
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
2
url pkg:gem/rack@3.0.12
purl pkg:gem/rack@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-f6u2-fhux-43f3
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-mftr-ma4j-mbhy
16
vulnerability VCID-nqds-u1fk-y7ch
17
vulnerability VCID-tzca-xm43-xugs
18
vulnerability VCID-v2nc-35z6-2kf6
19
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.12
3
url pkg:gem/rack@3.1.10
purl pkg:gem/rack@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-9dqs-zbmn-b7e4
13
vulnerability VCID-dchf-rhvg-zycw
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f6u2-fhux-43f3
16
vulnerability VCID-j3e9-y38h-xbbu
17
vulnerability VCID-juuh-9psh-yyar
18
vulnerability VCID-mftr-ma4j-mbhy
19
vulnerability VCID-nqds-u1fk-y7ch
20
vulnerability VCID-tzca-xm43-xugs
21
vulnerability VCID-v2nc-35z6-2kf6
22
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.10
aliases CVE-2025-25184, GHSA-7g2v-jj9q-g3rg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rvwc-cy1n-yffg
21
url VCID-tjh9-vfdw-7yen
vulnerability_id VCID-tjh9-vfdw-7yen
summary rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59830.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59830.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59830
reference_id
reference_type
scores
0
value 0.00127
scoring_system epss
scoring_elements 0.31734
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59830
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59830
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59830
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-25T16:14:17Z/
url https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71
6
reference_url https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-25T16:14:17Z/
url https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59830
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59830
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116431
reference_id 1116431
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116431
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2398167
reference_id 2398167
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2398167
10
reference_url https://github.com/advisories/GHSA-625h-95r8-8xpm
reference_id GHSA-625h-95r8-8xpm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-625h-95r8-8xpm
11
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
12
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
13
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
14
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
15
reference_url https://access.redhat.com/errata/RHSA-2025:19733
reference_id RHSA-2025:19733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19733
16
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
17
reference_url https://access.redhat.com/errata/RHSA-2025:19736
reference_id RHSA-2025:19736
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19736
18
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
19
reference_url https://access.redhat.com/errata/RHSA-2025:19832
reference_id RHSA-2025:19832
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19832
20
reference_url https://access.redhat.com/errata/RHSA-2025:19855
reference_id RHSA-2025:19855
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19855
21
reference_url https://access.redhat.com/errata/RHSA-2025:19856
reference_id RHSA-2025:19856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19856
22
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
23
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
24
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
25
reference_url https://usn.ubuntu.com/7784-1/
reference_id USN-7784-1
reference_type
scores
url https://usn.ubuntu.com/7784-1/
26
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:gem/rack@2.2.18
purl pkg:gem/rack@2.2.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8kwp-wuv8-gqf8
9
vulnerability VCID-8rbg-wrmj-1bcu
10
vulnerability VCID-9dqs-zbmn-b7e4
11
vulnerability VCID-dzhg-3hy9-w3gv
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-juuh-9psh-yyar
14
vulnerability VCID-mftr-ma4j-mbhy
15
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.18
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
aliases CVE-2025-59830, GHSA-625h-95r8-8xpm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tjh9-vfdw-7yen
22
url VCID-v2nc-35z6-2kf6
vulnerability_id VCID-v2nc-35z6-2kf6
summary rack: rubygem-rack: Rack Content-Disposition Denial of Service
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49007
reference_id
reference_type
scores
0
value 0.00569
scoring_system epss
scoring_elements 0.68866
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49007
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
4
reference_url https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/
url https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f
5
reference_url https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/
url https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901
6
reference_url https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/
url https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49007
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49007
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107363
reference_id 1107363
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107363
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2370346
reference_id 2370346
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2370346
11
reference_url https://github.com/advisories/GHSA-47m2-26rw-j2jw
reference_id GHSA-47m2-26rw-j2jw
reference_type
scores
url https://github.com/advisories/GHSA-47m2-26rw-j2jw
fixed_packages
0
url pkg:gem/rack@3.1.16
purl pkg:gem/rack@3.1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-dzhg-3hy9-w3gv
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-juuh-9psh-yyar
16
vulnerability VCID-mftr-ma4j-mbhy
17
vulnerability VCID-tzca-xm43-xugs
18
vulnerability VCID-v2nc-35z6-2kf6
19
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.16
aliases CVE-2025-49007, GHSA-47m2-26rw-j2jw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v2nc-35z6-2kf6
23
url VCID-vch5-2deq-euaq
vulnerability_id VCID-vch5-2deq-euaq
summary rack: Rack: Information disclosure via regular expression metacharacters in root path
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34763.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34763.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34763
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12991
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34763
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34763
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:41:04Z/
url https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34763.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34763.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34763
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34763
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454498
reference_id 2454498
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454498
9
reference_url https://github.com/advisories/GHSA-7mqq-6cf9-v2qp
reference_id GHSA-7mqq-6cf9-v2qp
reference_type
scores
url https://github.com/advisories/GHSA-7mqq-6cf9-v2qp
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34763, GHSA-7mqq-6cf9-v2qp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vch5-2deq-euaq
24
url VCID-xrut-zyv4-e3bf
vulnerability_id VCID-xrut-zyv4-e3bf
summary 
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
### Summary

```ruby
module Rack
  class MediaType
    SPLIT_PATTERN = %r{\s*[;,]\s*}
```
The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split.

### PoC

A simple HTTP request with lots of blank characters in the content-type header:

```ruby
request["Content-Type"] = (" " * 50_000) + "a,"
```

### Impact

It's a very easy to craft ReDoS. Like all ReDoS the impact is debatable.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25126.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25126.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25126
reference_id
reference_type
scores
0
value 0.0045
scoring_system epss
scoring_elements 0.63937
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25126
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146
5
reference_url https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/
url https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
8
reference_url https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/
url https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462
9
reference_url https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/
url https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49
10
reference_url https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/
url https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml
12
reference_url https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/
url https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25126
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25126
14
reference_url https://security.netapp.com/advisory/ntap-20240510-0005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240510-0005
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516
reference_id 1064516
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2265593
reference_id 2265593
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2265593
17
reference_url https://github.com/advisories/GHSA-22f2-v57c-j9cx
reference_id GHSA-22f2-v57c-j9cx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22f2-v57c-j9cx
18
reference_url https://security.netapp.com/advisory/ntap-20240510-0005/
reference_id ntap-20240510-0005
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/
url https://security.netapp.com/advisory/ntap-20240510-0005/
19
reference_url https://access.redhat.com/errata/RHSA-2024:10806
reference_id RHSA-2024:10806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10806
20
reference_url https://access.redhat.com/errata/RHSA-2024:1841
reference_id RHSA-2024:1841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1841
21
reference_url https://access.redhat.com/errata/RHSA-2024:1846
reference_id RHSA-2024:1846
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1846
22
reference_url https://access.redhat.com/errata/RHSA-2024:2007
reference_id RHSA-2024:2007
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2007
23
reference_url https://access.redhat.com/errata/RHSA-2024:2113
reference_id RHSA-2024:2113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2113
24
reference_url https://access.redhat.com/errata/RHSA-2024:2581
reference_id RHSA-2024:2581
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2581
25
reference_url https://access.redhat.com/errata/RHSA-2024:2584
reference_id RHSA-2024:2584
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2584
26
reference_url https://access.redhat.com/errata/RHSA-2024:2953
reference_id RHSA-2024:2953
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2953
27
reference_url https://access.redhat.com/errata/RHSA-2024:3431
reference_id RHSA-2024:3431
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3431
28
reference_url https://usn.ubuntu.com/6837-1/
reference_id USN-6837-1
reference_type
scores
url https://usn.ubuntu.com/6837-1/
29
reference_url https://usn.ubuntu.com/6837-2/
reference_id USN-6837-2
reference_type
scores
url https://usn.ubuntu.com/6837-2/
30
reference_url https://usn.ubuntu.com/7036-1/
reference_id USN-7036-1
reference_type
scores
url https://usn.ubuntu.com/7036-1/
fixed_packages
0
url pkg:gem/rack@2.2.8.1
purl pkg:gem/rack@2.2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-87hv-57m8-4qey
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dzhg-3hy9-w3gv
13
vulnerability VCID-f6u2-fhux-43f3
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-juuh-9psh-yyar
16
vulnerability VCID-k4w7-sm5v-yqgb
17
vulnerability VCID-mftr-ma4j-mbhy
18
vulnerability VCID-nqds-u1fk-y7ch
19
vulnerability VCID-rvwc-cy1n-yffg
20
vulnerability VCID-tjh9-vfdw-7yen
21
vulnerability VCID-v2nc-35z6-2kf6
22
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.8.1
1
url pkg:gem/rack@3.0.9.1
purl pkg:gem/rack@3.0.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-f6u2-fhux-43f3
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-mftr-ma4j-mbhy
16
vulnerability VCID-nqds-u1fk-y7ch
17
vulnerability VCID-rvwc-cy1n-yffg
18
vulnerability VCID-tzca-xm43-xugs
19
vulnerability VCID-v2nc-35z6-2kf6
20
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1
aliases CVE-2024-25126, GHSA-22f2-v57c-j9cx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xrut-zyv4-e3bf
Fixing_vulnerabilities
0
url VCID-5kyg-kwck-akaf
vulnerability_id VCID-5kyg-kwck-akaf
summary 
Rack Header Parsing leads to Possible Denial of Service Vulnerability
# Possible Denial of Service Vulnerability in Rack Header Parsing

There is a possible denial of service vulnerability in the header parsing
routines in Rack.  This vulnerability has been assigned the CVE identifier
CVE-2024-26146.

Versions Affected:  All.
Not affected:       None
Fixed Versions:     2.0.9.4, 2.1.4.4, 2.2.8.1, 3.0.9.1

Impact
------
Carefully crafted headers can cause header parsing in Rack to take longer than
expected resulting in a possible denial of service issue. Accept and Forwarded
headers are impacted.

Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2
or newer are unaffected.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
There are no feasible workarounds for this issue.

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

* 2-0-header-redos.patch - Patch for 2.0 series
* 2-1-header-redos.patch - Patch for 2.1 series
* 2-2-header-redos.patch - Patch for 2.2 series
* 3-0-header-redos.patch - Patch for 3.0 series

Credits
-------

Thanks to [svalkanov](https://hackerone.com/svalkanov) for reporting this and
providing patches!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26146.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26146.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26146
reference_id
reference_type
scores
0
value 0.00775
scoring_system epss
scoring_elements 0.73907
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26146
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146
5
reference_url https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/
url https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
8
reference_url https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/
url https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716
9
reference_url https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/
url https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582
10
reference_url https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/
url https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f
11
reference_url https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/
url https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd
12
reference_url https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/
url https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26146
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26146
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516
reference_id 1064516
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2265595
reference_id 2265595
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2265595
17
reference_url https://github.com/advisories/GHSA-54rr-7fvw-6x8f
reference_id GHSA-54rr-7fvw-6x8f
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-54rr-7fvw-6x8f
18
reference_url https://security.netapp.com/advisory/ntap-20240510-0006/
reference_id ntap-20240510-0006
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/
url https://security.netapp.com/advisory/ntap-20240510-0006/
19
reference_url https://access.redhat.com/errata/RHSA-2024:10806
reference_id RHSA-2024:10806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10806
20
reference_url https://access.redhat.com/errata/RHSA-2024:1841
reference_id RHSA-2024:1841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1841
21
reference_url https://access.redhat.com/errata/RHSA-2024:1846
reference_id RHSA-2024:1846
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1846
22
reference_url https://access.redhat.com/errata/RHSA-2024:2007
reference_id RHSA-2024:2007
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2007
23
reference_url https://access.redhat.com/errata/RHSA-2024:2113
reference_id RHSA-2024:2113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2113
24
reference_url https://access.redhat.com/errata/RHSA-2024:2581
reference_id RHSA-2024:2581
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2581
25
reference_url https://access.redhat.com/errata/RHSA-2024:2584
reference_id RHSA-2024:2584
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2584
26
reference_url https://access.redhat.com/errata/RHSA-2024:2953
reference_id RHSA-2024:2953
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2953
27
reference_url https://access.redhat.com/errata/RHSA-2024:3431
reference_id RHSA-2024:3431
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3431
28
reference_url https://usn.ubuntu.com/6689-1/
reference_id USN-6689-1
reference_type
scores
url https://usn.ubuntu.com/6689-1/
29
reference_url https://usn.ubuntu.com/6837-1/
reference_id USN-6837-1
reference_type
scores
url https://usn.ubuntu.com/6837-1/
30
reference_url https://usn.ubuntu.com/6837-2/
reference_id USN-6837-2
reference_type
scores
url https://usn.ubuntu.com/6837-2/
31
reference_url https://usn.ubuntu.com/7036-1/
reference_id USN-7036-1
reference_type
scores
url https://usn.ubuntu.com/7036-1/
fixed_packages
0
url pkg:gem/rack@2.0.9.4
purl pkg:gem/rack@2.0.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-9dqs-zbmn-b7e4
13
vulnerability VCID-dzhg-3hy9-w3gv
14
vulnerability VCID-f6u2-fhux-43f3
15
vulnerability VCID-j3e9-y38h-xbbu
16
vulnerability VCID-juuh-9psh-yyar
17
vulnerability VCID-k4w7-sm5v-yqgb
18
vulnerability VCID-mftr-ma4j-mbhy
19
vulnerability VCID-nqds-u1fk-y7ch
20
vulnerability VCID-rvwc-cy1n-yffg
21
vulnerability VCID-tjh9-vfdw-7yen
22
vulnerability VCID-v2nc-35z6-2kf6
23
vulnerability VCID-vch5-2deq-euaq
24
vulnerability VCID-xrut-zyv4-e3bf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.4
1
url pkg:gem/rack@2.1.4.4
purl pkg:gem/rack@2.1.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-9dqs-zbmn-b7e4
13
vulnerability VCID-dzhg-3hy9-w3gv
14
vulnerability VCID-f6u2-fhux-43f3
15
vulnerability VCID-j3e9-y38h-xbbu
16
vulnerability VCID-juuh-9psh-yyar
17
vulnerability VCID-k4w7-sm5v-yqgb
18
vulnerability VCID-mftr-ma4j-mbhy
19
vulnerability VCID-nqds-u1fk-y7ch
20
vulnerability VCID-rvwc-cy1n-yffg
21
vulnerability VCID-tjh9-vfdw-7yen
22
vulnerability VCID-v2nc-35z6-2kf6
23
vulnerability VCID-vch5-2deq-euaq
24
vulnerability VCID-xrut-zyv4-e3bf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.4
2
url pkg:gem/rack@2.2.8.1
purl pkg:gem/rack@2.2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-87hv-57m8-4qey
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dzhg-3hy9-w3gv
13
vulnerability VCID-f6u2-fhux-43f3
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-juuh-9psh-yyar
16
vulnerability VCID-k4w7-sm5v-yqgb
17
vulnerability VCID-mftr-ma4j-mbhy
18
vulnerability VCID-nqds-u1fk-y7ch
19
vulnerability VCID-rvwc-cy1n-yffg
20
vulnerability VCID-tjh9-vfdw-7yen
21
vulnerability VCID-v2nc-35z6-2kf6
22
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.8.1
3
url pkg:gem/rack@3.0.9.1
purl pkg:gem/rack@3.0.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-f6u2-fhux-43f3
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-mftr-ma4j-mbhy
16
vulnerability VCID-nqds-u1fk-y7ch
17
vulnerability VCID-rvwc-cy1n-yffg
18
vulnerability VCID-tzca-xm43-xugs
19
vulnerability VCID-v2nc-35z6-2kf6
20
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1
aliases CVE-2024-26146, GHSA-54rr-7fvw-6x8f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5kyg-kwck-akaf
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.4