Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/rack@1.6.2
Typegem
Namespace
Namerack
Version1.6.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.2.23
Latest_non_vulnerable_version3.2.6
Affected_by_vulnerabilities
0
url VCID-1nzv-zger-fka9
vulnerability_id VCID-1nzv-zger-fka9
summary 
Rack has possible DoS Vulnerability with Range Header
# Possible DoS Vulnerability with Range Header in Rack

There is a possible DoS vulnerability relating to the Range request header in
Rack.  This vulnerability has been assigned the CVE identifier CVE-2024-26141.

Versions Affected:  >= 1.3.0.
Not affected:       < 1.3.0
Fixed Versions:     3.0.9.1, 2.2.8.1

Impact
------
Carefully crafted Range headers can cause a server to respond with an
unexpectedly large response. Responding with such large responses could lead
to a denial of service issue.

Vulnerable applications will use the `Rack::File` middleware or the
`Rack::Utils.byte_ranges` methods (this includes Rails applications).

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
There are no feasible workarounds for this issue.

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

* 3-0-range.patch - Patch for 3.0 series
* 2-2-range.patch - Patch for 2.2 series

Credits
-------

Thank you [ooooooo_q](https://hackerone.com/ooooooo_q) for the report and
patch
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26141.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26141.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26141
reference_id
reference_type
scores
0
value 0.0041
scoring_system epss
scoring_elements 0.61607
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26141
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146
5
reference_url https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/
url https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
8
reference_url https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/
url https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9
9
reference_url https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/
url https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b
10
reference_url https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/
url https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26141
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26141
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516
reference_id 1064516
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2265594
reference_id 2265594
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2265594
15
reference_url https://github.com/advisories/GHSA-xj5v-6v4g-jfw6
reference_id GHSA-xj5v-6v4g-jfw6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xj5v-6v4g-jfw6
16
reference_url https://security.netapp.com/advisory/ntap-20240510-0007/
reference_id ntap-20240510-0007
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/
url https://security.netapp.com/advisory/ntap-20240510-0007/
17
reference_url https://access.redhat.com/errata/RHSA-2024:10806
reference_id RHSA-2024:10806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10806
18
reference_url https://access.redhat.com/errata/RHSA-2024:1841
reference_id RHSA-2024:1841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1841
19
reference_url https://access.redhat.com/errata/RHSA-2024:1846
reference_id RHSA-2024:1846
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1846
20
reference_url https://access.redhat.com/errata/RHSA-2024:2007
reference_id RHSA-2024:2007
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2007
21
reference_url https://access.redhat.com/errata/RHSA-2024:2113
reference_id RHSA-2024:2113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2113
22
reference_url https://access.redhat.com/errata/RHSA-2024:2581
reference_id RHSA-2024:2581
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2581
23
reference_url https://access.redhat.com/errata/RHSA-2024:2584
reference_id RHSA-2024:2584
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2584
24
reference_url https://access.redhat.com/errata/RHSA-2024:2953
reference_id RHSA-2024:2953
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2953
25
reference_url https://access.redhat.com/errata/RHSA-2024:3431
reference_id RHSA-2024:3431
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3431
26
reference_url https://usn.ubuntu.com/6689-1/
reference_id USN-6689-1
reference_type
scores
url https://usn.ubuntu.com/6689-1/
27
reference_url https://usn.ubuntu.com/6837-1/
reference_id USN-6837-1
reference_type
scores
url https://usn.ubuntu.com/6837-1/
28
reference_url https://usn.ubuntu.com/6837-2/
reference_id USN-6837-2
reference_type
scores
url https://usn.ubuntu.com/6837-2/
29
reference_url https://usn.ubuntu.com/7036-1/
reference_id USN-7036-1
reference_type
scores
url https://usn.ubuntu.com/7036-1/
fixed_packages
0
url pkg:gem/rack@2.2.8.1
purl pkg:gem/rack@2.2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-87hv-57m8-4qey
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dzhg-3hy9-w3gv
13
vulnerability VCID-f6u2-fhux-43f3
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-juuh-9psh-yyar
16
vulnerability VCID-k4w7-sm5v-yqgb
17
vulnerability VCID-mftr-ma4j-mbhy
18
vulnerability VCID-nqds-u1fk-y7ch
19
vulnerability VCID-rvwc-cy1n-yffg
20
vulnerability VCID-tjh9-vfdw-7yen
21
vulnerability VCID-v2nc-35z6-2kf6
22
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.8.1
1
url pkg:gem/rack@3.0.9.1
purl pkg:gem/rack@3.0.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-f6u2-fhux-43f3
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-mftr-ma4j-mbhy
16
vulnerability VCID-nqds-u1fk-y7ch
17
vulnerability VCID-rvwc-cy1n-yffg
18
vulnerability VCID-tzca-xm43-xugs
19
vulnerability VCID-v2nc-35z6-2kf6
20
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1
aliases CVE-2024-26141, GHSA-xj5v-6v4g-jfw6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1nzv-zger-fka9
1
url VCID-1pt2-23bn-7qev
vulnerability_id VCID-1pt2-23bn-7qev
summary rack: Rack: HTTP response desynchronization via incorrect Content-Length calculation with UTF-8 characters
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34831.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34831.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34831
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12991
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34831
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34831
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-q2ww-5357-x388
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:43:52Z/
url https://github.com/rack/rack/security/advisories/GHSA-q2ww-5357-x388
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34831.yml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34831.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34831
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34831
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454504
reference_id 2454504
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454504
9
reference_url https://github.com/advisories/GHSA-q2ww-5357-x388
reference_id GHSA-q2ww-5357-x388
reference_type
scores
url https://github.com/advisories/GHSA-q2ww-5357-x388
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34831, GHSA-q2ww-5357-x388
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1pt2-23bn-7qev
2
url VCID-21pz-m7dy-8bey
vulnerability_id VCID-21pz-m7dy-8bey
summary github.com/rack/rack: Rack: Content smuggling via multipart boundary parsing mismatch
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26961.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26961.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26961
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02889
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26961
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26961
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26961
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-vgpv-f759-9wx3
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements
1
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:57:50Z/
url https://github.com/rack/rack/security/advisories/GHSA-vgpv-f759-9wx3
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-26961.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-26961.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26961
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26961
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454483
reference_id 2454483
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454483
9
reference_url https://github.com/advisories/GHSA-vgpv-f759-9wx3
reference_id GHSA-vgpv-f759-9wx3
reference_type
scores
url https://github.com/advisories/GHSA-vgpv-f759-9wx3
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-26961, GHSA-vgpv-f759-9wx3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-21pz-m7dy-8bey
3
url VCID-2zdv-mr4w-zkfg
vulnerability_id VCID-2zdv-mr4w-zkfg
summary rubygem-rack: Improper handling of headers in `Rack::Sendfile` may allow proxy bypass
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61780
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01466
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61780
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61780
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61780
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/
url https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784
6
reference_url https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/
url https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a
7
reference_url https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/
url https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements
1
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/
url https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61780
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61780
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855
reference_id 1117855
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403126
reference_id 2403126
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403126
13
reference_url https://github.com/advisories/GHSA-r657-rxjc-j557
reference_id GHSA-r657-rxjc-j557
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r657-rxjc-j557
14
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:gem/rack@2.2.20
purl pkg:gem/rack@2.2.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5pry-5agj-tygz
4
vulnerability VCID-6hht-91zy-fqdf
5
vulnerability VCID-6t6w-vvzt-fqd9
6
vulnerability VCID-7pey-8xge-1fbz
7
vulnerability VCID-8rbg-wrmj-1bcu
8
vulnerability VCID-j3e9-y38h-xbbu
9
vulnerability VCID-mftr-ma4j-mbhy
10
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.20
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
2
url pkg:gem/rack@3.1.18
purl pkg:gem/rack@3.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8rbg-wrmj-1bcu
9
vulnerability VCID-dchf-rhvg-zycw
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-tzca-xm43-xugs
13
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.18
3
url pkg:gem/rack@3.2.3
purl pkg:gem/rack@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8rbg-wrmj-1bcu
9
vulnerability VCID-dchf-rhvg-zycw
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-tzca-xm43-xugs
13
vulnerability VCID-vch5-2deq-euaq
14
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.3
aliases CVE-2025-61780, GHSA-r657-rxjc-j557
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2zdv-mr4w-zkfg
4
url VCID-31yn-1jfq-z7am
vulnerability_id VCID-31yn-1jfq-z7am
summary 
Directory traversal in Rack::Directory app bundled with Rack
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8161.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8161.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8161
reference_id
reference_type
scores
0
value 0.00907
scoring_system epss
scoring_elements 0.76104
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8161
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8161
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8161
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8161.yml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8161.yml
7
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA
8
reference_url https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA
9
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html
10
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8161
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8161
12
reference_url https://usn.ubuntu.com/4561-1
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4561-1
13
reference_url https://usn.ubuntu.com/4561-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4561-1/
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1838281
reference_id 1838281
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1838281
15
reference_url https://github.com/advisories/GHSA-5f9h-9pjv-v6j7
reference_id GHSA-5f9h-9pjv-v6j7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5f9h-9pjv-v6j7
16
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
17
reference_url https://usn.ubuntu.com/4561-2/
reference_id USN-4561-2
reference_type
scores
url https://usn.ubuntu.com/4561-2/
fixed_packages
0
url pkg:gem/rack@2.1.3
purl pkg:gem/rack@2.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-31yn-1jfq-z7am
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-6hht-91zy-fqdf
9
vulnerability VCID-6t6w-vvzt-fqd9
10
vulnerability VCID-7pey-8xge-1fbz
11
vulnerability VCID-87hv-57m8-4qey
12
vulnerability VCID-8kwp-wuv8-gqf8
13
vulnerability VCID-8rbg-wrmj-1bcu
14
vulnerability VCID-9dqs-zbmn-b7e4
15
vulnerability VCID-dzhg-3hy9-w3gv
16
vulnerability VCID-f5ev-kfux-n7hj
17
vulnerability VCID-f6u2-fhux-43f3
18
vulnerability VCID-h44h-uxra-83cs
19
vulnerability VCID-j3e9-y38h-xbbu
20
vulnerability VCID-juuh-9psh-yyar
21
vulnerability VCID-k4w7-sm5v-yqgb
22
vulnerability VCID-mftr-ma4j-mbhy
23
vulnerability VCID-n3cc-pvr9-4bd5
24
vulnerability VCID-nqds-u1fk-y7ch
25
vulnerability VCID-rvwc-cy1n-yffg
26
vulnerability VCID-tjh9-vfdw-7yen
27
vulnerability VCID-v2nc-35z6-2kf6
28
vulnerability VCID-vch5-2deq-euaq
29
vulnerability VCID-xrut-zyv4-e3bf
30
vulnerability VCID-y4e1-mh3x-gkep
31
vulnerability VCID-ya57-9vg9-xka9
32
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.3
1
url pkg:gem/rack@2.2.0
purl pkg:gem/rack@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5kyg-kwck-akaf
6
vulnerability VCID-5pry-5agj-tygz
7
vulnerability VCID-6hht-91zy-fqdf
8
vulnerability VCID-6t6w-vvzt-fqd9
9
vulnerability VCID-7pey-8xge-1fbz
10
vulnerability VCID-87hv-57m8-4qey
11
vulnerability VCID-8kwp-wuv8-gqf8
12
vulnerability VCID-8rbg-wrmj-1bcu
13
vulnerability VCID-9dqs-zbmn-b7e4
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f5ev-kfux-n7hj
16
vulnerability VCID-f6u2-fhux-43f3
17
vulnerability VCID-h44h-uxra-83cs
18
vulnerability VCID-j3e9-y38h-xbbu
19
vulnerability VCID-juuh-9psh-yyar
20
vulnerability VCID-k4w7-sm5v-yqgb
21
vulnerability VCID-mftr-ma4j-mbhy
22
vulnerability VCID-n3cc-pvr9-4bd5
23
vulnerability VCID-nqds-u1fk-y7ch
24
vulnerability VCID-rvwc-cy1n-yffg
25
vulnerability VCID-tjh9-vfdw-7yen
26
vulnerability VCID-v2nc-35z6-2kf6
27
vulnerability VCID-vch5-2deq-euaq
28
vulnerability VCID-xrut-zyv4-e3bf
29
vulnerability VCID-y4e1-mh3x-gkep
30
vulnerability VCID-ya57-9vg9-xka9
31
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.0
aliases CVE-2020-8161, GHSA-5f9h-9pjv-v6j7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31yn-1jfq-z7am
5
url VCID-3c3t-sa76-j3bv
vulnerability_id VCID-3c3t-sa76-j3bv
summary 
Rack vulnerable to Cross-site Scripting
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16471.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16471.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16471
reference_id
reference_type
scores
0
value 0.00829
scoring_system epss
scoring_elements 0.74838
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16471
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16471
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16471.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16471.yml
8
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag
9
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o
10
reference_url https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16471
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16471
12
reference_url https://usn.ubuntu.com/4089-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4089-1
13
reference_url https://usn.ubuntu.com/4089-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4089-1/
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1646818
reference_id 1646818
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1646818
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913005
reference_id 913005
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913005
16
reference_url https://github.com/advisories/GHSA-5r2p-j47h-mhpg
reference_id GHSA-5r2p-j47h-mhpg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5r2p-j47h-mhpg
fixed_packages
0
url pkg:gem/rack@1.6.11
purl pkg:gem/rack@1.6.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-31yn-1jfq-z7am
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-6hht-91zy-fqdf
9
vulnerability VCID-6t6w-vvzt-fqd9
10
vulnerability VCID-7pey-8xge-1fbz
11
vulnerability VCID-87hv-57m8-4qey
12
vulnerability VCID-8kwp-wuv8-gqf8
13
vulnerability VCID-8rbg-wrmj-1bcu
14
vulnerability VCID-9dqs-zbmn-b7e4
15
vulnerability VCID-dzhg-3hy9-w3gv
16
vulnerability VCID-f5ev-kfux-n7hj
17
vulnerability VCID-f6u2-fhux-43f3
18
vulnerability VCID-h44h-uxra-83cs
19
vulnerability VCID-j3e9-y38h-xbbu
20
vulnerability VCID-juuh-9psh-yyar
21
vulnerability VCID-k4w7-sm5v-yqgb
22
vulnerability VCID-mac4-2zg3-q3dg
23
vulnerability VCID-mftr-ma4j-mbhy
24
vulnerability VCID-n3cc-pvr9-4bd5
25
vulnerability VCID-nqds-u1fk-y7ch
26
vulnerability VCID-rvwc-cy1n-yffg
27
vulnerability VCID-tjh9-vfdw-7yen
28
vulnerability VCID-v2nc-35z6-2kf6
29
vulnerability VCID-vch5-2deq-euaq
30
vulnerability VCID-xrut-zyv4-e3bf
31
vulnerability VCID-y4e1-mh3x-gkep
32
vulnerability VCID-ya57-9vg9-xka9
33
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.11
1
url pkg:gem/rack@2.0.6
purl pkg:gem/rack@2.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-31yn-1jfq-z7am
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-6hht-91zy-fqdf
9
vulnerability VCID-6t6w-vvzt-fqd9
10
vulnerability VCID-7pey-8xge-1fbz
11
vulnerability VCID-87hv-57m8-4qey
12
vulnerability VCID-8kwp-wuv8-gqf8
13
vulnerability VCID-8rbg-wrmj-1bcu
14
vulnerability VCID-9dqs-zbmn-b7e4
15
vulnerability VCID-dzhg-3hy9-w3gv
16
vulnerability VCID-f5ev-kfux-n7hj
17
vulnerability VCID-f6u2-fhux-43f3
18
vulnerability VCID-h44h-uxra-83cs
19
vulnerability VCID-j3e9-y38h-xbbu
20
vulnerability VCID-juuh-9psh-yyar
21
vulnerability VCID-k4w7-sm5v-yqgb
22
vulnerability VCID-mac4-2zg3-q3dg
23
vulnerability VCID-mftr-ma4j-mbhy
24
vulnerability VCID-n3cc-pvr9-4bd5
25
vulnerability VCID-nqds-u1fk-y7ch
26
vulnerability VCID-rvwc-cy1n-yffg
27
vulnerability VCID-tjh9-vfdw-7yen
28
vulnerability VCID-v2nc-35z6-2kf6
29
vulnerability VCID-vch5-2deq-euaq
30
vulnerability VCID-xrut-zyv4-e3bf
31
vulnerability VCID-y4e1-mh3x-gkep
32
vulnerability VCID-ya57-9vg9-xka9
33
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.6
aliases CVE-2018-16471, GHSA-5r2p-j47h-mhpg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3c3t-sa76-j3bv
6
url VCID-4umy-say3-ruad
vulnerability_id VCID-4umy-say3-ruad
summary rubygem-rack: Rack stored XSS in Rack::Directory
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25500.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25500.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25500
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07554
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25500
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25500
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25500
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:42:04Z/
url https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff
6
reference_url https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:42:04Z/
url https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25500
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25500
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128480
reference_id 1128480
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128480
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440738
reference_id 2440738
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2440738
11
reference_url https://github.com/advisories/GHSA-whrj-4476-wvmp
reference_id GHSA-whrj-4476-wvmp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-whrj-4476-wvmp
12
reference_url https://usn.ubuntu.com/8066-1/
reference_id USN-8066-1
reference_type
scores
url https://usn.ubuntu.com/8066-1/
fixed_packages
0
url pkg:gem/rack@2.2.22
purl pkg:gem/rack@2.2.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-6hht-91zy-fqdf
3
vulnerability VCID-6t6w-vvzt-fqd9
4
vulnerability VCID-7pey-8xge-1fbz
5
vulnerability VCID-8rbg-wrmj-1bcu
6
vulnerability VCID-j3e9-y38h-xbbu
7
vulnerability VCID-mftr-ma4j-mbhy
8
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.22
1
url pkg:gem/rack@3.1.20
purl pkg:gem/rack@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-6hht-91zy-fqdf
4
vulnerability VCID-6t6w-vvzt-fqd9
5
vulnerability VCID-7pey-8xge-1fbz
6
vulnerability VCID-8rbg-wrmj-1bcu
7
vulnerability VCID-dchf-rhvg-zycw
8
vulnerability VCID-j3e9-y38h-xbbu
9
vulnerability VCID-mftr-ma4j-mbhy
10
vulnerability VCID-tzca-xm43-xugs
11
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.20
2
url pkg:gem/rack@3.2.5
purl pkg:gem/rack@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-6hht-91zy-fqdf
4
vulnerability VCID-6t6w-vvzt-fqd9
5
vulnerability VCID-7pey-8xge-1fbz
6
vulnerability VCID-8rbg-wrmj-1bcu
7
vulnerability VCID-dchf-rhvg-zycw
8
vulnerability VCID-j3e9-y38h-xbbu
9
vulnerability VCID-mftr-ma4j-mbhy
10
vulnerability VCID-tzca-xm43-xugs
11
vulnerability VCID-vch5-2deq-euaq
12
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.5
aliases CVE-2026-25500, GHSA-whrj-4476-wvmp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4umy-say3-ruad
7
url VCID-5kyg-kwck-akaf
vulnerability_id VCID-5kyg-kwck-akaf
summary 
Rack Header Parsing leads to Possible Denial of Service Vulnerability
# Possible Denial of Service Vulnerability in Rack Header Parsing

There is a possible denial of service vulnerability in the header parsing
routines in Rack.  This vulnerability has been assigned the CVE identifier
CVE-2024-26146.

Versions Affected:  All.
Not affected:       None
Fixed Versions:     2.0.9.4, 2.1.4.4, 2.2.8.1, 3.0.9.1

Impact
------
Carefully crafted headers can cause header parsing in Rack to take longer than
expected resulting in a possible denial of service issue. Accept and Forwarded
headers are impacted.

Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2
or newer are unaffected.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
There are no feasible workarounds for this issue.

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

* 2-0-header-redos.patch - Patch for 2.0 series
* 2-1-header-redos.patch - Patch for 2.1 series
* 2-2-header-redos.patch - Patch for 2.2 series
* 3-0-header-redos.patch - Patch for 3.0 series

Credits
-------

Thanks to [svalkanov](https://hackerone.com/svalkanov) for reporting this and
providing patches!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26146.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26146.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26146
reference_id
reference_type
scores
0
value 0.00775
scoring_system epss
scoring_elements 0.73907
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26146
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146
5
reference_url https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/
url https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
8
reference_url https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/
url https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716
9
reference_url https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/
url https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582
10
reference_url https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/
url https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f
11
reference_url https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/
url https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd
12
reference_url https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/
url https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26146
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26146
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516
reference_id 1064516
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2265595
reference_id 2265595
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2265595
17
reference_url https://github.com/advisories/GHSA-54rr-7fvw-6x8f
reference_id GHSA-54rr-7fvw-6x8f
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-54rr-7fvw-6x8f
18
reference_url https://security.netapp.com/advisory/ntap-20240510-0006/
reference_id ntap-20240510-0006
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/
url https://security.netapp.com/advisory/ntap-20240510-0006/
19
reference_url https://access.redhat.com/errata/RHSA-2024:10806
reference_id RHSA-2024:10806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10806
20
reference_url https://access.redhat.com/errata/RHSA-2024:1841
reference_id RHSA-2024:1841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1841
21
reference_url https://access.redhat.com/errata/RHSA-2024:1846
reference_id RHSA-2024:1846
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1846
22
reference_url https://access.redhat.com/errata/RHSA-2024:2007
reference_id RHSA-2024:2007
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2007
23
reference_url https://access.redhat.com/errata/RHSA-2024:2113
reference_id RHSA-2024:2113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2113
24
reference_url https://access.redhat.com/errata/RHSA-2024:2581
reference_id RHSA-2024:2581
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2581
25
reference_url https://access.redhat.com/errata/RHSA-2024:2584
reference_id RHSA-2024:2584
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2584
26
reference_url https://access.redhat.com/errata/RHSA-2024:2953
reference_id RHSA-2024:2953
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2953
27
reference_url https://access.redhat.com/errata/RHSA-2024:3431
reference_id RHSA-2024:3431
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3431
28
reference_url https://usn.ubuntu.com/6689-1/
reference_id USN-6689-1
reference_type
scores
url https://usn.ubuntu.com/6689-1/
29
reference_url https://usn.ubuntu.com/6837-1/
reference_id USN-6837-1
reference_type
scores
url https://usn.ubuntu.com/6837-1/
30
reference_url https://usn.ubuntu.com/6837-2/
reference_id USN-6837-2
reference_type
scores
url https://usn.ubuntu.com/6837-2/
31
reference_url https://usn.ubuntu.com/7036-1/
reference_id USN-7036-1
reference_type
scores
url https://usn.ubuntu.com/7036-1/
fixed_packages
0
url pkg:gem/rack@2.0.9.4
purl pkg:gem/rack@2.0.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-9dqs-zbmn-b7e4
13
vulnerability VCID-dzhg-3hy9-w3gv
14
vulnerability VCID-f6u2-fhux-43f3
15
vulnerability VCID-j3e9-y38h-xbbu
16
vulnerability VCID-juuh-9psh-yyar
17
vulnerability VCID-k4w7-sm5v-yqgb
18
vulnerability VCID-mftr-ma4j-mbhy
19
vulnerability VCID-nqds-u1fk-y7ch
20
vulnerability VCID-rvwc-cy1n-yffg
21
vulnerability VCID-tjh9-vfdw-7yen
22
vulnerability VCID-v2nc-35z6-2kf6
23
vulnerability VCID-vch5-2deq-euaq
24
vulnerability VCID-xrut-zyv4-e3bf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.4
1
url pkg:gem/rack@2.1.4.4
purl pkg:gem/rack@2.1.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-9dqs-zbmn-b7e4
13
vulnerability VCID-dzhg-3hy9-w3gv
14
vulnerability VCID-f6u2-fhux-43f3
15
vulnerability VCID-j3e9-y38h-xbbu
16
vulnerability VCID-juuh-9psh-yyar
17
vulnerability VCID-k4w7-sm5v-yqgb
18
vulnerability VCID-mftr-ma4j-mbhy
19
vulnerability VCID-nqds-u1fk-y7ch
20
vulnerability VCID-rvwc-cy1n-yffg
21
vulnerability VCID-tjh9-vfdw-7yen
22
vulnerability VCID-v2nc-35z6-2kf6
23
vulnerability VCID-vch5-2deq-euaq
24
vulnerability VCID-xrut-zyv4-e3bf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.4
2
url pkg:gem/rack@2.2.8.1
purl pkg:gem/rack@2.2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-87hv-57m8-4qey
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dzhg-3hy9-w3gv
13
vulnerability VCID-f6u2-fhux-43f3
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-juuh-9psh-yyar
16
vulnerability VCID-k4w7-sm5v-yqgb
17
vulnerability VCID-mftr-ma4j-mbhy
18
vulnerability VCID-nqds-u1fk-y7ch
19
vulnerability VCID-rvwc-cy1n-yffg
20
vulnerability VCID-tjh9-vfdw-7yen
21
vulnerability VCID-v2nc-35z6-2kf6
22
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.8.1
3
url pkg:gem/rack@3.0.9.1
purl pkg:gem/rack@3.0.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-f6u2-fhux-43f3
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-mftr-ma4j-mbhy
16
vulnerability VCID-nqds-u1fk-y7ch
17
vulnerability VCID-rvwc-cy1n-yffg
18
vulnerability VCID-tzca-xm43-xugs
19
vulnerability VCID-v2nc-35z6-2kf6
20
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1
aliases CVE-2024-26146, GHSA-54rr-7fvw-6x8f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5kyg-kwck-akaf
8
url VCID-5pry-5agj-tygz
vulnerability_id VCID-5pry-5agj-tygz
summary rubygem-rack: Rack Directory Traversal via Rack:Directory
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22860.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22860.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22860
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31135
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22860
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22860
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22860
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:27:31Z/
url https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7
6
reference_url https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:27:31Z/
url https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22860
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22860
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128479
reference_id 1128479
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128479
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440737
reference_id 2440737
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2440737
11
reference_url https://github.com/advisories/GHSA-mxw3-3hh2-x2mh
reference_id GHSA-mxw3-3hh2-x2mh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mxw3-3hh2-x2mh
12
reference_url https://usn.ubuntu.com/8066-1/
reference_id USN-8066-1
reference_type
scores
url https://usn.ubuntu.com/8066-1/
fixed_packages
0
url pkg:gem/rack@2.2.22
purl pkg:gem/rack@2.2.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-6hht-91zy-fqdf
3
vulnerability VCID-6t6w-vvzt-fqd9
4
vulnerability VCID-7pey-8xge-1fbz
5
vulnerability VCID-8rbg-wrmj-1bcu
6
vulnerability VCID-j3e9-y38h-xbbu
7
vulnerability VCID-mftr-ma4j-mbhy
8
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.22
1
url pkg:gem/rack@3.1.20
purl pkg:gem/rack@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-6hht-91zy-fqdf
4
vulnerability VCID-6t6w-vvzt-fqd9
5
vulnerability VCID-7pey-8xge-1fbz
6
vulnerability VCID-8rbg-wrmj-1bcu
7
vulnerability VCID-dchf-rhvg-zycw
8
vulnerability VCID-j3e9-y38h-xbbu
9
vulnerability VCID-mftr-ma4j-mbhy
10
vulnerability VCID-tzca-xm43-xugs
11
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.20
2
url pkg:gem/rack@3.2.5
purl pkg:gem/rack@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-6hht-91zy-fqdf
4
vulnerability VCID-6t6w-vvzt-fqd9
5
vulnerability VCID-7pey-8xge-1fbz
6
vulnerability VCID-8rbg-wrmj-1bcu
7
vulnerability VCID-dchf-rhvg-zycw
8
vulnerability VCID-j3e9-y38h-xbbu
9
vulnerability VCID-mftr-ma4j-mbhy
10
vulnerability VCID-tzca-xm43-xugs
11
vulnerability VCID-vch5-2deq-euaq
12
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.5
aliases CVE-2026-22860, GHSA-mxw3-3hh2-x2mh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5pry-5agj-tygz
9
url VCID-6hht-91zy-fqdf
vulnerability_id VCID-6hht-91zy-fqdf
summary rack: Rack: Denial of Service via crafted Accept-Encoding header
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34230.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34230.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34230
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06608
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34230
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34230
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34230
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:56:03Z/
url https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34230.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34230.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34230
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34230
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454493
reference_id 2454493
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454493
9
reference_url https://github.com/advisories/GHSA-v569-hp3g-36wr
reference_id GHSA-v569-hp3g-36wr
reference_type
scores
url https://github.com/advisories/GHSA-v569-hp3g-36wr
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34230, GHSA-v569-hp3g-36wr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6hht-91zy-fqdf
10
url VCID-6t6w-vvzt-fqd9
vulnerability_id VCID-6t6w-vvzt-fqd9
summary github.com/rack/rack: Rack: Information disclosure via incorrect static file serving prefix check
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34785
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14816
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34785
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34785
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34785
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:58:57Z/
url https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34785.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34785.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34785
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34785
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454486
reference_id 2454486
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454486
9
reference_url https://github.com/advisories/GHSA-h2jq-g4cq-5ppq
reference_id GHSA-h2jq-g4cq-5ppq
reference_type
scores
url https://github.com/advisories/GHSA-h2jq-g4cq-5ppq
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34785, GHSA-h2jq-g4cq-5ppq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6t6w-vvzt-fqd9
11
url VCID-7pey-8xge-1fbz
vulnerability_id VCID-7pey-8xge-1fbz
summary rack: Rack: Denial of Service via unbounded multipart file upload
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34829
reference_id
reference_type
scores
0
value 0.00065
scoring_system epss
scoring_elements 0.20368
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34829
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34829
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34829
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:41:27Z/
url https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34829.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34829.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34829
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34829
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454488
reference_id 2454488
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454488
9
reference_url https://github.com/advisories/GHSA-8vqr-qjwx-82mw
reference_id GHSA-8vqr-qjwx-82mw
reference_type
scores
url https://github.com/advisories/GHSA-8vqr-qjwx-82mw
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34829, GHSA-8vqr-qjwx-82mw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7pey-8xge-1fbz
12
url VCID-87hv-57m8-4qey
vulnerability_id VCID-87hv-57m8-4qey
summary rack: rubygem-rack: Local File Inclusion in Rack::Static
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27610.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27610.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27610
reference_id
reference_type
scores
0
value 0.01854
scoring_system epss
scoring_elements 0.83334
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27610
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27610
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27610
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:22:45Z/
url https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583
6
reference_url https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:22:45Z/
url https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27610.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27610.yml
8
reference_url https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27610
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27610
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100444
reference_id 1100444
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100444
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2351231
reference_id 2351231
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2351231
12
reference_url https://github.com/advisories/GHSA-7wqh-767x-r66v
reference_id GHSA-7wqh-767x-r66v
reference_type
scores
url https://github.com/advisories/GHSA-7wqh-767x-r66v
13
reference_url https://access.redhat.com/errata/RHSA-2025:3448
reference_id RHSA-2025:3448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3448
14
reference_url https://access.redhat.com/errata/RHSA-2025:3490
reference_id RHSA-2025:3490
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3490
15
reference_url https://access.redhat.com/errata/RHSA-2025:3491
reference_id RHSA-2025:3491
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3491
16
reference_url https://access.redhat.com/errata/RHSA-2025:3492
reference_id RHSA-2025:3492
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3492
17
reference_url https://access.redhat.com/errata/RHSA-2025:3906
reference_id RHSA-2025:3906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3906
18
reference_url https://access.redhat.com/errata/RHSA-2025:4576
reference_id RHSA-2025:4576
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4576
19
reference_url https://usn.ubuntu.com/7366-1/
reference_id USN-7366-1
reference_type
scores
url https://usn.ubuntu.com/7366-1/
20
reference_url https://usn.ubuntu.com/7366-2/
reference_id USN-7366-2
reference_type
scores
url https://usn.ubuntu.com/7366-2/
fixed_packages
0
url pkg:gem/rack@2.2.13
purl pkg:gem/rack@2.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8kwp-wuv8-gqf8
9
vulnerability VCID-8rbg-wrmj-1bcu
10
vulnerability VCID-9dqs-zbmn-b7e4
11
vulnerability VCID-dzhg-3hy9-w3gv
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-juuh-9psh-yyar
14
vulnerability VCID-k4w7-sm5v-yqgb
15
vulnerability VCID-mftr-ma4j-mbhy
16
vulnerability VCID-nqds-u1fk-y7ch
17
vulnerability VCID-tjh9-vfdw-7yen
18
vulnerability VCID-v2nc-35z6-2kf6
19
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.13
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
2
url pkg:gem/rack@3.0.14
purl pkg:gem/rack@3.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-nqds-u1fk-y7ch
15
vulnerability VCID-tzca-xm43-xugs
16
vulnerability VCID-v2nc-35z6-2kf6
17
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.14
3
url pkg:gem/rack@3.1.12
purl pkg:gem/rack@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-dzhg-3hy9-w3gv
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-juuh-9psh-yyar
16
vulnerability VCID-mftr-ma4j-mbhy
17
vulnerability VCID-nqds-u1fk-y7ch
18
vulnerability VCID-tzca-xm43-xugs
19
vulnerability VCID-v2nc-35z6-2kf6
20
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.12
aliases CVE-2025-27610, GHSA-7wqh-767x-r66v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-87hv-57m8-4qey
13
url VCID-8kwp-wuv8-gqf8
vulnerability_id VCID-8kwp-wuv8-gqf8
summary rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61919
reference_id
reference_type
scores
0
value 0.00282
scoring_system epss
scoring_elements 0.51764
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61919
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/
url https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881
6
reference_url https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/
url https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db
7
reference_url https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/
url https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/
url https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61919
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61919
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856
reference_id 1117856
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403180
reference_id 2403180
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403180
13
reference_url https://github.com/advisories/GHSA-6xw4-3v39-52mm
reference_id GHSA-6xw4-3v39-52mm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xw4-3v39-52mm
14
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
15
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
16
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
17
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
18
reference_url https://access.redhat.com/errata/RHSA-2025:19733
reference_id RHSA-2025:19733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19733
19
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
20
reference_url https://access.redhat.com/errata/RHSA-2025:19736
reference_id RHSA-2025:19736
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19736
21
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
22
reference_url https://access.redhat.com/errata/RHSA-2025:19832
reference_id RHSA-2025:19832
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19832
23
reference_url https://access.redhat.com/errata/RHSA-2025:19855
reference_id RHSA-2025:19855
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19855
24
reference_url https://access.redhat.com/errata/RHSA-2025:19856
reference_id RHSA-2025:19856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19856
25
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
26
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
27
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
28
reference_url https://access.redhat.com/errata/RHSA-2025:21696
reference_id RHSA-2025:21696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21696
29
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:gem/rack@2.2.20
purl pkg:gem/rack@2.2.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5pry-5agj-tygz
4
vulnerability VCID-6hht-91zy-fqdf
5
vulnerability VCID-6t6w-vvzt-fqd9
6
vulnerability VCID-7pey-8xge-1fbz
7
vulnerability VCID-8rbg-wrmj-1bcu
8
vulnerability VCID-j3e9-y38h-xbbu
9
vulnerability VCID-mftr-ma4j-mbhy
10
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.20
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
2
url pkg:gem/rack@3.1.18
purl pkg:gem/rack@3.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8rbg-wrmj-1bcu
9
vulnerability VCID-dchf-rhvg-zycw
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-tzca-xm43-xugs
13
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.18
3
url pkg:gem/rack@3.2.3
purl pkg:gem/rack@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8rbg-wrmj-1bcu
9
vulnerability VCID-dchf-rhvg-zycw
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-tzca-xm43-xugs
13
vulnerability VCID-vch5-2deq-euaq
14
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.3
aliases CVE-2025-61919, GHSA-6xw4-3v39-52mm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8kwp-wuv8-gqf8
14
url VCID-8rbg-wrmj-1bcu
vulnerability_id VCID-8rbg-wrmj-1bcu
summary rack: Rack: Information disclosure via regular expression injection in X-Accel-Mapping header
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34830
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14816
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34830
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34830
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34830
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:59:36Z/
url https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34830.yml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34830.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34830
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34830
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454510
reference_id 2454510
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454510
9
reference_url https://github.com/advisories/GHSA-qv7j-4883-hwh7
reference_id GHSA-qv7j-4883-hwh7
reference_type
scores
url https://github.com/advisories/GHSA-qv7j-4883-hwh7
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34830, GHSA-qv7j-4883-hwh7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8rbg-wrmj-1bcu
15
url VCID-9dqs-zbmn-b7e4
vulnerability_id VCID-9dqs-zbmn-b7e4
summary rack: Rack memory exhaustion denial of service
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61772
reference_id
reference_type
scores
0
value 0.00324
scoring_system epss
scoring_elements 0.55636
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61772
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/
url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
6
reference_url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/
url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
7
reference_url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/
url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/
url https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61772
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61772
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627
reference_id 1117627
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402200
reference_id 2402200
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2402200
13
reference_url https://github.com/advisories/GHSA-wpv5-97wm-hp9c
reference_id GHSA-wpv5-97wm-hp9c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wpv5-97wm-hp9c
14
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
15
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
16
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
17
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
18
reference_url https://access.redhat.com/errata/RHSA-2025:19733
reference_id RHSA-2025:19733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19733
19
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
20
reference_url https://access.redhat.com/errata/RHSA-2025:19736
reference_id RHSA-2025:19736
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19736
21
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
22
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
23
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
24
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
25
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:gem/rack@2.2.19
purl pkg:gem/rack@2.2.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8kwp-wuv8-gqf8
9
vulnerability VCID-8rbg-wrmj-1bcu
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
2
url pkg:gem/rack@3.1.17
purl pkg:gem/rack@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17
3
url pkg:gem/rack@3.2.2
purl pkg:gem/rack@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
16
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2
aliases CVE-2025-61772, GHSA-wpv5-97wm-hp9c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9dqs-zbmn-b7e4
16
url VCID-dzhg-3hy9-w3gv
vulnerability_id VCID-dzhg-3hy9-w3gv
summary rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61771
reference_id
reference_type
scores
0
value 0.00107
scoring_system epss
scoring_elements 0.2864
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61771
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/
url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
6
reference_url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/
url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
7
reference_url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/
url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/
url https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61771
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61771
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628
reference_id 1117628
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402175
reference_id 2402175
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2402175
13
reference_url https://github.com/advisories/GHSA-w9pc-fmgc-vxvw
reference_id GHSA-w9pc-fmgc-vxvw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9pc-fmgc-vxvw
14
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
15
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
16
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
17
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
18
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
19
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
20
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
21
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
22
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
23
reference_url https://access.redhat.com/errata/RHSA-2025:21696
reference_id RHSA-2025:21696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21696
24
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:gem/rack@2.2.19
purl pkg:gem/rack@2.2.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8kwp-wuv8-gqf8
9
vulnerability VCID-8rbg-wrmj-1bcu
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
2
url pkg:gem/rack@3.1.17
purl pkg:gem/rack@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17
3
url pkg:gem/rack@3.2.2
purl pkg:gem/rack@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
16
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2
aliases CVE-2025-61771, GHSA-w9pc-fmgc-vxvw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzhg-3hy9-w3gv
17
url VCID-f5ev-kfux-n7hj
vulnerability_id VCID-f5ev-kfux-n7hj
summary 
Denial of Service Vulnerability in Rack Content-Disposition parsing
There is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44571.

Versions Affected: >= 2.0.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.0.1
Impact

Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.
Releases

The fixed releases are available at the normal locations.
Workarounds

There are no feasible workarounds for this issue.
Patches

To aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

    2-0-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 2.0 series
    2-1-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 2.1 series
    2-2-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 2.2 series
    3-0-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 3.0 series
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44571.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44571.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-44571
reference_id
reference_type
scores
0
value 0.02825
scoring_system epss
scoring_elements 0.86412
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-44571
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539
9
reference_url https://discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
12
reference_url https://github.com/rack/rack/releases/tag/v3.0.4.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack/releases/tag/v3.0.4.1
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44571.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44571.yml
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-44571
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-44571
15
reference_url https://www.debian.org/security/2023/dsa-5530
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5530
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832
reference_id 1029832
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164714
reference_id 2164714
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164714
18
reference_url https://github.com/advisories/GHSA-93pm-5p5f-3ghx
reference_id GHSA-93pm-5p5f-3ghx
reference_type
scores
url https://github.com/advisories/GHSA-93pm-5p5f-3ghx
19
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
20
reference_url https://usn.ubuntu.com/5910-1/
reference_id USN-5910-1
reference_type
scores
url https://usn.ubuntu.com/5910-1/
21
reference_url https://usn.ubuntu.com/7036-1/
reference_id USN-7036-1
reference_type
scores
url https://usn.ubuntu.com/7036-1/
fixed_packages
0
url pkg:gem/rack@2.0.9.2
purl pkg:gem/rack@2.0.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5kyg-kwck-akaf
6
vulnerability VCID-5pry-5agj-tygz
7
vulnerability VCID-6hht-91zy-fqdf
8
vulnerability VCID-6t6w-vvzt-fqd9
9
vulnerability VCID-7pey-8xge-1fbz
10
vulnerability VCID-87hv-57m8-4qey
11
vulnerability VCID-8kwp-wuv8-gqf8
12
vulnerability VCID-8rbg-wrmj-1bcu
13
vulnerability VCID-9dqs-zbmn-b7e4
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f5ev-kfux-n7hj
16
vulnerability VCID-f6u2-fhux-43f3
17
vulnerability VCID-j3e9-y38h-xbbu
18
vulnerability VCID-juuh-9psh-yyar
19
vulnerability VCID-k4w7-sm5v-yqgb
20
vulnerability VCID-mftr-ma4j-mbhy
21
vulnerability VCID-n3cc-pvr9-4bd5
22
vulnerability VCID-nqds-u1fk-y7ch
23
vulnerability VCID-rvwc-cy1n-yffg
24
vulnerability VCID-tjh9-vfdw-7yen
25
vulnerability VCID-v2nc-35z6-2kf6
26
vulnerability VCID-vch5-2deq-euaq
27
vulnerability VCID-xrut-zyv4-e3bf
28
vulnerability VCID-ya57-9vg9-xka9
29
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.2
1
url pkg:gem/rack@2.1.4.2
purl pkg:gem/rack@2.1.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5kyg-kwck-akaf
6
vulnerability VCID-5pry-5agj-tygz
7
vulnerability VCID-6hht-91zy-fqdf
8
vulnerability VCID-6t6w-vvzt-fqd9
9
vulnerability VCID-7pey-8xge-1fbz
10
vulnerability VCID-87hv-57m8-4qey
11
vulnerability VCID-8kwp-wuv8-gqf8
12
vulnerability VCID-8rbg-wrmj-1bcu
13
vulnerability VCID-9dqs-zbmn-b7e4
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f5ev-kfux-n7hj
16
vulnerability VCID-f6u2-fhux-43f3
17
vulnerability VCID-j3e9-y38h-xbbu
18
vulnerability VCID-juuh-9psh-yyar
19
vulnerability VCID-k4w7-sm5v-yqgb
20
vulnerability VCID-mftr-ma4j-mbhy
21
vulnerability VCID-n3cc-pvr9-4bd5
22
vulnerability VCID-nqds-u1fk-y7ch
23
vulnerability VCID-rvwc-cy1n-yffg
24
vulnerability VCID-tjh9-vfdw-7yen
25
vulnerability VCID-v2nc-35z6-2kf6
26
vulnerability VCID-vch5-2deq-euaq
27
vulnerability VCID-xrut-zyv4-e3bf
28
vulnerability VCID-ya57-9vg9-xka9
29
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.2
2
url pkg:gem/rack@2.2.6.1
purl pkg:gem/rack@2.2.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5kyg-kwck-akaf
6
vulnerability VCID-5pry-5agj-tygz
7
vulnerability VCID-6hht-91zy-fqdf
8
vulnerability VCID-6t6w-vvzt-fqd9
9
vulnerability VCID-7pey-8xge-1fbz
10
vulnerability VCID-87hv-57m8-4qey
11
vulnerability VCID-8kwp-wuv8-gqf8
12
vulnerability VCID-8rbg-wrmj-1bcu
13
vulnerability VCID-9dqs-zbmn-b7e4
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f5ev-kfux-n7hj
16
vulnerability VCID-f6u2-fhux-43f3
17
vulnerability VCID-h44h-uxra-83cs
18
vulnerability VCID-j3e9-y38h-xbbu
19
vulnerability VCID-juuh-9psh-yyar
20
vulnerability VCID-k4w7-sm5v-yqgb
21
vulnerability VCID-mftr-ma4j-mbhy
22
vulnerability VCID-n3cc-pvr9-4bd5
23
vulnerability VCID-nqds-u1fk-y7ch
24
vulnerability VCID-rvwc-cy1n-yffg
25
vulnerability VCID-tjh9-vfdw-7yen
26
vulnerability VCID-v2nc-35z6-2kf6
27
vulnerability VCID-vch5-2deq-euaq
28
vulnerability VCID-xrut-zyv4-e3bf
29
vulnerability VCID-ya57-9vg9-xka9
30
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.1
3
url pkg:gem/rack@3.0.4.1
purl pkg:gem/rack@3.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-3bh7-vrvj-p3g1
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-6hht-91zy-fqdf
9
vulnerability VCID-6t6w-vvzt-fqd9
10
vulnerability VCID-7pey-8xge-1fbz
11
vulnerability VCID-87hv-57m8-4qey
12
vulnerability VCID-8kwp-wuv8-gqf8
13
vulnerability VCID-8rbg-wrmj-1bcu
14
vulnerability VCID-dchf-rhvg-zycw
15
vulnerability VCID-f6u2-fhux-43f3
16
vulnerability VCID-j3e9-y38h-xbbu
17
vulnerability VCID-mftr-ma4j-mbhy
18
vulnerability VCID-n3cc-pvr9-4bd5
19
vulnerability VCID-nqds-u1fk-y7ch
20
vulnerability VCID-rvwc-cy1n-yffg
21
vulnerability VCID-tzca-xm43-xugs
22
vulnerability VCID-v2nc-35z6-2kf6
23
vulnerability VCID-vch5-2deq-euaq
24
vulnerability VCID-xrut-zyv4-e3bf
25
vulnerability VCID-ya57-9vg9-xka9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1
aliases CVE-2022-44571, GHSA-93pm-5p5f-3ghx, GMS-2023-65
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f5ev-kfux-n7hj
18
url VCID-f6u2-fhux-43f3
vulnerability_id VCID-f6u2-fhux-43f3
summary rack: rubygem-rack: Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27111.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27111.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27111
reference_id
reference_type
scores
0
value 0.00865
scoring_system epss
scoring_elements 0.75428
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27111
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27111
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27111
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/
url https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53
6
reference_url https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/
url https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b
7
reference_url https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/
url https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/
url https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml
10
reference_url https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27111
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27111
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099546
reference_id 1099546
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099546
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2349810
reference_id 2349810
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2349810
14
reference_url https://github.com/advisories/GHSA-8cgq-6mh2-7j6v
reference_id GHSA-8cgq-6mh2-7j6v
reference_type
scores
url https://github.com/advisories/GHSA-8cgq-6mh2-7j6v
15
reference_url https://usn.ubuntu.com/7366-1/
reference_id USN-7366-1
reference_type
scores
url https://usn.ubuntu.com/7366-1/
16
reference_url https://usn.ubuntu.com/7366-2/
reference_id USN-7366-2
reference_type
scores
url https://usn.ubuntu.com/7366-2/
fixed_packages
0
url pkg:gem/rack@2.2.12
purl pkg:gem/rack@2.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-87hv-57m8-4qey
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dzhg-3hy9-w3gv
13
vulnerability VCID-j3e9-y38h-xbbu
14
vulnerability VCID-juuh-9psh-yyar
15
vulnerability VCID-k4w7-sm5v-yqgb
16
vulnerability VCID-mftr-ma4j-mbhy
17
vulnerability VCID-nqds-u1fk-y7ch
18
vulnerability VCID-tjh9-vfdw-7yen
19
vulnerability VCID-v2nc-35z6-2kf6
20
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.12
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
2
url pkg:gem/rack@3.0.13
purl pkg:gem/rack@3.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-j3e9-y38h-xbbu
14
vulnerability VCID-mftr-ma4j-mbhy
15
vulnerability VCID-nqds-u1fk-y7ch
16
vulnerability VCID-tzca-xm43-xugs
17
vulnerability VCID-v2nc-35z6-2kf6
18
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.13
3
url pkg:gem/rack@3.1.11
purl pkg:gem/rack@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-9dqs-zbmn-b7e4
13
vulnerability VCID-dchf-rhvg-zycw
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-j3e9-y38h-xbbu
16
vulnerability VCID-juuh-9psh-yyar
17
vulnerability VCID-mftr-ma4j-mbhy
18
vulnerability VCID-nqds-u1fk-y7ch
19
vulnerability VCID-tzca-xm43-xugs
20
vulnerability VCID-v2nc-35z6-2kf6
21
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.11
aliases CVE-2025-27111, GHSA-8cgq-6mh2-7j6v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f6u2-fhux-43f3
19
url VCID-h44h-uxra-83cs
vulnerability_id VCID-h44h-uxra-83cs
summary 
Denial of service via header parsing in Rack
There is a possible denial of service vulnerability in the Range header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44570.

Versions Affected: >= 1.5.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.2, 3.0.0.1
Impact

Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.
Releases

The fixed releases are available at the normal locations.
Workarounds

There are no feasible workarounds for this issue.
Patches

To aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

    2-0-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 2.0 series
    2-1-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 2.1 series
    2-2-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 2.2 series
    3-0-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 3.0 series
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44570.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44570.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-44570
reference_id
reference_type
scores
0
value 0.03121
scoring_system epss
scoring_elements 0.87067
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-44570
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539
9
reference_url https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
12
reference_url https://github.com/rack/rack/releases/tag/v3.0.4.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack/releases/tag/v3.0.4.1
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44570.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44570.yml
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-44570
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-44570
15
reference_url https://security.netapp.com/advisory/ntap-20231208-0010
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231208-0010
16
reference_url https://www.debian.org/security/2023/dsa-5530
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5530
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832
reference_id 1029832
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164719
reference_id 2164719
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164719
19
reference_url https://github.com/advisories/GHSA-65f5-mfpf-vfhj
reference_id GHSA-65f5-mfpf-vfhj
reference_type
scores
url https://github.com/advisories/GHSA-65f5-mfpf-vfhj
20
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
21
reference_url https://usn.ubuntu.com/5910-1/
reference_id USN-5910-1
reference_type
scores
url https://usn.ubuntu.com/5910-1/
22
reference_url https://usn.ubuntu.com/7036-1/
reference_id USN-7036-1
reference_type
scores
url https://usn.ubuntu.com/7036-1/
fixed_packages
0
url pkg:gem/rack@2.0.9.2
purl pkg:gem/rack@2.0.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5kyg-kwck-akaf
6
vulnerability VCID-5pry-5agj-tygz
7
vulnerability VCID-6hht-91zy-fqdf
8
vulnerability VCID-6t6w-vvzt-fqd9
9
vulnerability VCID-7pey-8xge-1fbz
10
vulnerability VCID-87hv-57m8-4qey
11
vulnerability VCID-8kwp-wuv8-gqf8
12
vulnerability VCID-8rbg-wrmj-1bcu
13
vulnerability VCID-9dqs-zbmn-b7e4
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f5ev-kfux-n7hj
16
vulnerability VCID-f6u2-fhux-43f3
17
vulnerability VCID-j3e9-y38h-xbbu
18
vulnerability VCID-juuh-9psh-yyar
19
vulnerability VCID-k4w7-sm5v-yqgb
20
vulnerability VCID-mftr-ma4j-mbhy
21
vulnerability VCID-n3cc-pvr9-4bd5
22
vulnerability VCID-nqds-u1fk-y7ch
23
vulnerability VCID-rvwc-cy1n-yffg
24
vulnerability VCID-tjh9-vfdw-7yen
25
vulnerability VCID-v2nc-35z6-2kf6
26
vulnerability VCID-vch5-2deq-euaq
27
vulnerability VCID-xrut-zyv4-e3bf
28
vulnerability VCID-ya57-9vg9-xka9
29
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.2
1
url pkg:gem/rack@2.1.4.2
purl pkg:gem/rack@2.1.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5kyg-kwck-akaf
6
vulnerability VCID-5pry-5agj-tygz
7
vulnerability VCID-6hht-91zy-fqdf
8
vulnerability VCID-6t6w-vvzt-fqd9
9
vulnerability VCID-7pey-8xge-1fbz
10
vulnerability VCID-87hv-57m8-4qey
11
vulnerability VCID-8kwp-wuv8-gqf8
12
vulnerability VCID-8rbg-wrmj-1bcu
13
vulnerability VCID-9dqs-zbmn-b7e4
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f5ev-kfux-n7hj
16
vulnerability VCID-f6u2-fhux-43f3
17
vulnerability VCID-j3e9-y38h-xbbu
18
vulnerability VCID-juuh-9psh-yyar
19
vulnerability VCID-k4w7-sm5v-yqgb
20
vulnerability VCID-mftr-ma4j-mbhy
21
vulnerability VCID-n3cc-pvr9-4bd5
22
vulnerability VCID-nqds-u1fk-y7ch
23
vulnerability VCID-rvwc-cy1n-yffg
24
vulnerability VCID-tjh9-vfdw-7yen
25
vulnerability VCID-v2nc-35z6-2kf6
26
vulnerability VCID-vch5-2deq-euaq
27
vulnerability VCID-xrut-zyv4-e3bf
28
vulnerability VCID-ya57-9vg9-xka9
29
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.2
2
url pkg:gem/rack@2.2.6.2
purl pkg:gem/rack@2.2.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5kyg-kwck-akaf
6
vulnerability VCID-5pry-5agj-tygz
7
vulnerability VCID-6hht-91zy-fqdf
8
vulnerability VCID-6t6w-vvzt-fqd9
9
vulnerability VCID-7pey-8xge-1fbz
10
vulnerability VCID-87hv-57m8-4qey
11
vulnerability VCID-8kwp-wuv8-gqf8
12
vulnerability VCID-8rbg-wrmj-1bcu
13
vulnerability VCID-9dqs-zbmn-b7e4
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f5ev-kfux-n7hj
16
vulnerability VCID-f6u2-fhux-43f3
17
vulnerability VCID-j3e9-y38h-xbbu
18
vulnerability VCID-juuh-9psh-yyar
19
vulnerability VCID-k4w7-sm5v-yqgb
20
vulnerability VCID-mftr-ma4j-mbhy
21
vulnerability VCID-n3cc-pvr9-4bd5
22
vulnerability VCID-nqds-u1fk-y7ch
23
vulnerability VCID-rvwc-cy1n-yffg
24
vulnerability VCID-tjh9-vfdw-7yen
25
vulnerability VCID-v2nc-35z6-2kf6
26
vulnerability VCID-vch5-2deq-euaq
27
vulnerability VCID-xrut-zyv4-e3bf
28
vulnerability VCID-ya57-9vg9-xka9
29
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.2
3
url pkg:gem/rack@3.0.4.1
purl pkg:gem/rack@3.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-3bh7-vrvj-p3g1
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-6hht-91zy-fqdf
9
vulnerability VCID-6t6w-vvzt-fqd9
10
vulnerability VCID-7pey-8xge-1fbz
11
vulnerability VCID-87hv-57m8-4qey
12
vulnerability VCID-8kwp-wuv8-gqf8
13
vulnerability VCID-8rbg-wrmj-1bcu
14
vulnerability VCID-dchf-rhvg-zycw
15
vulnerability VCID-f6u2-fhux-43f3
16
vulnerability VCID-j3e9-y38h-xbbu
17
vulnerability VCID-mftr-ma4j-mbhy
18
vulnerability VCID-n3cc-pvr9-4bd5
19
vulnerability VCID-nqds-u1fk-y7ch
20
vulnerability VCID-rvwc-cy1n-yffg
21
vulnerability VCID-tzca-xm43-xugs
22
vulnerability VCID-v2nc-35z6-2kf6
23
vulnerability VCID-vch5-2deq-euaq
24
vulnerability VCID-xrut-zyv4-e3bf
25
vulnerability VCID-ya57-9vg9-xka9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1
aliases CVE-2022-44570, GHSA-65f5-mfpf-vfhj, GMS-2023-64
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h44h-uxra-83cs
20
url VCID-j3e9-y38h-xbbu
vulnerability_id VCID-j3e9-y38h-xbbu
summary rack: Rack: Security header bypass via URL-encoded static path requests
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34786.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34786.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34786
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13787
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34786
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34786
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-q4qf-9j86-f5mh
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:37:20Z/
url https://github.com/rack/rack/security/advisories/GHSA-q4qf-9j86-f5mh
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34786.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34786.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34786
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34786
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454507
reference_id 2454507
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454507
9
reference_url https://github.com/advisories/GHSA-q4qf-9j86-f5mh
reference_id GHSA-q4qf-9j86-f5mh
reference_type
scores
url https://github.com/advisories/GHSA-q4qf-9j86-f5mh
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34786, GHSA-q4qf-9j86-f5mh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3e9-y38h-xbbu
21
url VCID-juuh-9psh-yyar
vulnerability_id VCID-juuh-9psh-yyar
summary rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61770
reference_id
reference_type
scores
0
value 0.00266
scoring_system epss
scoring_elements 0.5021
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61770
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/
url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
6
reference_url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/
url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
7
reference_url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/
url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/
url https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61770
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61770
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627
reference_id 1117627
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402174
reference_id 2402174
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2402174
13
reference_url https://github.com/advisories/GHSA-p543-xpfm-54cp
reference_id GHSA-p543-xpfm-54cp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p543-xpfm-54cp
14
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
15
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
16
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
17
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
18
reference_url https://access.redhat.com/errata/RHSA-2025:19733
reference_id RHSA-2025:19733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19733
19
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
20
reference_url https://access.redhat.com/errata/RHSA-2025:19736
reference_id RHSA-2025:19736
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19736
21
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
22
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
23
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
24
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
25
reference_url https://access.redhat.com/errata/RHSA-2025:21696
reference_id RHSA-2025:21696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21696
26
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:gem/rack@2.2.19
purl pkg:gem/rack@2.2.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8kwp-wuv8-gqf8
9
vulnerability VCID-8rbg-wrmj-1bcu
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
2
url pkg:gem/rack@3.1.17
purl pkg:gem/rack@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17
3
url pkg:gem/rack@3.2.2
purl pkg:gem/rack@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
16
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2
aliases CVE-2025-61770, GHSA-p543-xpfm-54cp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-juuh-9psh-yyar
22
url VCID-k4w7-sm5v-yqgb
vulnerability_id VCID-k4w7-sm5v-yqgb
summary rack: Rack Session Reuse Vulnerability
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32441.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32441.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32441
reference_id
reference_type
scores
0
value 0.00096
scoring_system epss
scoring_elements 0.2651
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32441
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32441
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32441
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/
url https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270
6
reference_url https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/
url https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d
7
reference_url https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/
url https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g
8
reference_url https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-32441.yml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-32441.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32441
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32441
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2364965
reference_id 2364965
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2364965
12
reference_url https://github.com/advisories/GHSA-vpfw-47h7-xj4g
reference_id GHSA-vpfw-47h7-xj4g
reference_type
scores
url https://github.com/advisories/GHSA-vpfw-47h7-xj4g
13
reference_url https://usn.ubuntu.com/7507-1/
reference_id USN-7507-1
reference_type
scores
url https://usn.ubuntu.com/7507-1/
fixed_packages
0
url pkg:gem/rack@2.2.14
purl pkg:gem/rack@2.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8kwp-wuv8-gqf8
9
vulnerability VCID-8rbg-wrmj-1bcu
10
vulnerability VCID-9dqs-zbmn-b7e4
11
vulnerability VCID-dzhg-3hy9-w3gv
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-juuh-9psh-yyar
14
vulnerability VCID-mftr-ma4j-mbhy
15
vulnerability VCID-tjh9-vfdw-7yen
16
vulnerability VCID-v2nc-35z6-2kf6
17
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.14
aliases CVE-2025-32441, GHSA-vpfw-47h7-xj4g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k4w7-sm5v-yqgb
23
url VCID-mac4-2zg3-q3dg
vulnerability_id VCID-mac4-2zg3-q3dg
summary 
Possible Information Leak / Session Hijack Vulnerability in Rack
There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session.

The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.

### Impact

The session id stored in a cookie is the same id that is used when querying the backing session storage engine.  Most storage mechanisms (for example a database) use some sort of indexing in order to speed up the lookup of that id.  By carefully timing requests and session lookup failures, an attacker may be able to perform a timing attack to determine an existing session id and hijack that session.

## Releases

The 1.6.12 and 2.0.8 releases are available at the normal locations.

### Workarounds

There are no known workarounds.

### Patches

To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

* 1-6-session-timing-attack.patch - Patch for 1.6 series
* 2-0-session-timing-attack.patch - Patch for 2.6 series

### Credits

Thanks Will Leinweber for reporting this!
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16782.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16782.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16782
reference_id
reference_type
scores
0
value 0.00892
scoring_system epss
scoring_elements 0.75899
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16782
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16782
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16782
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
6
reference_url https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38
7
reference_url https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16782
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16782
12
reference_url http://www.openwall.com/lists/oss-security/2019/12/18/2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/12/18/2
13
reference_url http://www.openwall.com/lists/oss-security/2019/12/18/3
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/12/18/3
14
reference_url http://www.openwall.com/lists/oss-security/2019/12/19/3
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/12/19/3
15
reference_url http://www.openwall.com/lists/oss-security/2020/04/08/1
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/04/08/1
16
reference_url http://www.openwall.com/lists/oss-security/2020/04/09/2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/04/09/2
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789100
reference_id 1789100
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789100
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946983
reference_id 946983
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946983
19
reference_url https://github.com/advisories/GHSA-hrqr-hxpp-chr3
reference_id GHSA-hrqr-hxpp-chr3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hrqr-hxpp-chr3
20
reference_url https://access.redhat.com/errata/RHSA-2020:2480
reference_id RHSA-2020:2480
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2480
21
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
22
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
23
reference_url https://usn.ubuntu.com/USN-5253-1/
reference_id USN-USN-5253-1
reference_type
scores
url https://usn.ubuntu.com/USN-5253-1/
fixed_packages
0
url pkg:gem/rack@1.6.12
purl pkg:gem/rack@1.6.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-31yn-1jfq-z7am
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-6hht-91zy-fqdf
9
vulnerability VCID-6t6w-vvzt-fqd9
10
vulnerability VCID-7pey-8xge-1fbz
11
vulnerability VCID-87hv-57m8-4qey
12
vulnerability VCID-8kwp-wuv8-gqf8
13
vulnerability VCID-8rbg-wrmj-1bcu
14
vulnerability VCID-9dqs-zbmn-b7e4
15
vulnerability VCID-dzhg-3hy9-w3gv
16
vulnerability VCID-f5ev-kfux-n7hj
17
vulnerability VCID-f6u2-fhux-43f3
18
vulnerability VCID-h44h-uxra-83cs
19
vulnerability VCID-j3e9-y38h-xbbu
20
vulnerability VCID-juuh-9psh-yyar
21
vulnerability VCID-k4w7-sm5v-yqgb
22
vulnerability VCID-mftr-ma4j-mbhy
23
vulnerability VCID-n3cc-pvr9-4bd5
24
vulnerability VCID-nqds-u1fk-y7ch
25
vulnerability VCID-rvwc-cy1n-yffg
26
vulnerability VCID-tjh9-vfdw-7yen
27
vulnerability VCID-v2nc-35z6-2kf6
28
vulnerability VCID-vch5-2deq-euaq
29
vulnerability VCID-xrut-zyv4-e3bf
30
vulnerability VCID-y4e1-mh3x-gkep
31
vulnerability VCID-ya57-9vg9-xka9
32
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.12
1
url pkg:gem/rack@2.0.0.alpha
purl pkg:gem/rack@2.0.0.alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-31yn-1jfq-z7am
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-6hht-91zy-fqdf
9
vulnerability VCID-6t6w-vvzt-fqd9
10
vulnerability VCID-7pey-8xge-1fbz
11
vulnerability VCID-87hv-57m8-4qey
12
vulnerability VCID-8kwp-wuv8-gqf8
13
vulnerability VCID-8rbg-wrmj-1bcu
14
vulnerability VCID-9dqs-zbmn-b7e4
15
vulnerability VCID-dzhg-3hy9-w3gv
16
vulnerability VCID-f5ev-kfux-n7hj
17
vulnerability VCID-f6u2-fhux-43f3
18
vulnerability VCID-h44h-uxra-83cs
19
vulnerability VCID-j3e9-y38h-xbbu
20
vulnerability VCID-juuh-9psh-yyar
21
vulnerability VCID-k4w7-sm5v-yqgb
22
vulnerability VCID-mftr-ma4j-mbhy
23
vulnerability VCID-n3cc-pvr9-4bd5
24
vulnerability VCID-nqds-u1fk-y7ch
25
vulnerability VCID-rvwc-cy1n-yffg
26
vulnerability VCID-tjh9-vfdw-7yen
27
vulnerability VCID-v2nc-35z6-2kf6
28
vulnerability VCID-vch5-2deq-euaq
29
vulnerability VCID-xrut-zyv4-e3bf
30
vulnerability VCID-y4e1-mh3x-gkep
31
vulnerability VCID-ya57-9vg9-xka9
32
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.0.alpha
2
url pkg:gem/rack@2.0.8
purl pkg:gem/rack@2.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-31yn-1jfq-z7am
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-6hht-91zy-fqdf
9
vulnerability VCID-6t6w-vvzt-fqd9
10
vulnerability VCID-7pey-8xge-1fbz
11
vulnerability VCID-87hv-57m8-4qey
12
vulnerability VCID-8kwp-wuv8-gqf8
13
vulnerability VCID-8rbg-wrmj-1bcu
14
vulnerability VCID-9dqs-zbmn-b7e4
15
vulnerability VCID-dzhg-3hy9-w3gv
16
vulnerability VCID-f5ev-kfux-n7hj
17
vulnerability VCID-f6u2-fhux-43f3
18
vulnerability VCID-h44h-uxra-83cs
19
vulnerability VCID-j3e9-y38h-xbbu
20
vulnerability VCID-juuh-9psh-yyar
21
vulnerability VCID-k4w7-sm5v-yqgb
22
vulnerability VCID-mftr-ma4j-mbhy
23
vulnerability VCID-n3cc-pvr9-4bd5
24
vulnerability VCID-nqds-u1fk-y7ch
25
vulnerability VCID-rvwc-cy1n-yffg
26
vulnerability VCID-tjh9-vfdw-7yen
27
vulnerability VCID-v2nc-35z6-2kf6
28
vulnerability VCID-vch5-2deq-euaq
29
vulnerability VCID-xrut-zyv4-e3bf
30
vulnerability VCID-y4e1-mh3x-gkep
31
vulnerability VCID-ya57-9vg9-xka9
32
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.8
aliases CVE-2019-16782, GHSA-hrqr-hxpp-chr3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mac4-2zg3-q3dg
24
url VCID-mftr-ma4j-mbhy
vulnerability_id VCID-mftr-ma4j-mbhy
summary rack: Rack: Denial of Service via malicious HTTP Range header
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34826.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34826.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34826
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06114
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34826
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34826
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34826
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-x8cg-fq8g-mxfx
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:42:34Z/
url https://github.com/rack/rack/security/advisories/GHSA-x8cg-fq8g-mxfx
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34826.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34826.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34826
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34826
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454508
reference_id 2454508
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454508
9
reference_url https://github.com/advisories/GHSA-x8cg-fq8g-mxfx
reference_id GHSA-x8cg-fq8g-mxfx
reference_type
scores
url https://github.com/advisories/GHSA-x8cg-fq8g-mxfx
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34826, GHSA-x8cg-fq8g-mxfx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mftr-ma4j-mbhy
25
url VCID-n3cc-pvr9-4bd5
vulnerability_id VCID-n3cc-pvr9-4bd5
summary 
Possible Denial of Service Vulnerability in Rack's header parsing
There is a denial of service vulnerability in the header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27539.

Versions Affected: >= 2.0.0 Not affected: None. Fixed Versions: 2.2.6.4, 3.0.6.1

# Impact
Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted.

# Workarounds
Setting Regexp.timeout in Ruby 3.2 is a possible workaround.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27539.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27539.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27539
reference_id
reference_type
scores
0
value 0.00364
scoring_system epss
scoring_elements 0.58717
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27539
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539
9
reference_url https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/
url https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
12
reference_url https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/
url https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c
13
reference_url https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/
url https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff
14
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml
15
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27539
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27539
17
reference_url https://security.netapp.com/advisory/ntap-20231208-0016
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231208-0016
18
reference_url https://www.debian.org/security/2023/dsa-5530
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/
url https://www.debian.org/security/2023/dsa-5530
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033264
reference_id 1033264
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033264
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2179649
reference_id 2179649
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2179649
21
reference_url https://github.com/advisories/GHSA-c6qg-cjj8-47qp
reference_id GHSA-c6qg-cjj8-47qp
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/
url https://github.com/advisories/GHSA-c6qg-cjj8-47qp
22
reference_url https://security.netapp.com/advisory/ntap-20231208-0016/
reference_id ntap-20231208-0016
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/
url https://security.netapp.com/advisory/ntap-20231208-0016/
23
reference_url https://access.redhat.com/errata/RHSA-2023:1953
reference_id RHSA-2023:1953
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1953
24
reference_url https://access.redhat.com/errata/RHSA-2023:1961
reference_id RHSA-2023:1961
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1961
25
reference_url https://access.redhat.com/errata/RHSA-2023:1981
reference_id RHSA-2023:1981
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1981
26
reference_url https://access.redhat.com/errata/RHSA-2023:2652
reference_id RHSA-2023:2652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2652
27
reference_url https://access.redhat.com/errata/RHSA-2023:3082
reference_id RHSA-2023:3082
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3082
28
reference_url https://access.redhat.com/errata/RHSA-2023:3403
reference_id RHSA-2023:3403
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3403
29
reference_url https://access.redhat.com/errata/RHSA-2023:3495
reference_id RHSA-2023:3495
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3495
30
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
31
reference_url https://usn.ubuntu.com/6689-1/
reference_id USN-6689-1
reference_type
scores
url https://usn.ubuntu.com/6689-1/
32
reference_url https://usn.ubuntu.com/6905-1/
reference_id USN-6905-1
reference_type
scores
url https://usn.ubuntu.com/6905-1/
33
reference_url https://usn.ubuntu.com/7036-1/
reference_id USN-7036-1
reference_type
scores
url https://usn.ubuntu.com/7036-1/
fixed_packages
0
url pkg:gem/rack@2.2.6.4
purl pkg:gem/rack@2.2.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5kyg-kwck-akaf
6
vulnerability VCID-5pry-5agj-tygz
7
vulnerability VCID-6hht-91zy-fqdf
8
vulnerability VCID-6t6w-vvzt-fqd9
9
vulnerability VCID-7pey-8xge-1fbz
10
vulnerability VCID-87hv-57m8-4qey
11
vulnerability VCID-8kwp-wuv8-gqf8
12
vulnerability VCID-8rbg-wrmj-1bcu
13
vulnerability VCID-9dqs-zbmn-b7e4
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f6u2-fhux-43f3
16
vulnerability VCID-j3e9-y38h-xbbu
17
vulnerability VCID-juuh-9psh-yyar
18
vulnerability VCID-k4w7-sm5v-yqgb
19
vulnerability VCID-mftr-ma4j-mbhy
20
vulnerability VCID-nqds-u1fk-y7ch
21
vulnerability VCID-rvwc-cy1n-yffg
22
vulnerability VCID-tjh9-vfdw-7yen
23
vulnerability VCID-v2nc-35z6-2kf6
24
vulnerability VCID-vch5-2deq-euaq
25
vulnerability VCID-xrut-zyv4-e3bf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.4
1
url pkg:gem/rack@3.0.6.1
purl pkg:gem/rack@3.0.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-3bh7-vrvj-p3g1
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-6hht-91zy-fqdf
9
vulnerability VCID-6t6w-vvzt-fqd9
10
vulnerability VCID-7pey-8xge-1fbz
11
vulnerability VCID-87hv-57m8-4qey
12
vulnerability VCID-8kwp-wuv8-gqf8
13
vulnerability VCID-8rbg-wrmj-1bcu
14
vulnerability VCID-dchf-rhvg-zycw
15
vulnerability VCID-f6u2-fhux-43f3
16
vulnerability VCID-j3e9-y38h-xbbu
17
vulnerability VCID-mftr-ma4j-mbhy
18
vulnerability VCID-nqds-u1fk-y7ch
19
vulnerability VCID-rvwc-cy1n-yffg
20
vulnerability VCID-tzca-xm43-xugs
21
vulnerability VCID-v2nc-35z6-2kf6
22
vulnerability VCID-vch5-2deq-euaq
23
vulnerability VCID-xrut-zyv4-e3bf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.6.1
aliases CVE-2023-27539, GHSA-c6qg-cjj8-47qp, GMS-2023-769
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n3cc-pvr9-4bd5
26
url VCID-nqds-u1fk-y7ch
vulnerability_id VCID-nqds-u1fk-y7ch
summary rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46727
reference_id
reference_type
scores
0
value 0.00808
scoring_system epss
scoring_elements 0.74504
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46727
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712
6
reference_url https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3
7
reference_url https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46727
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46727
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927
reference_id 1104927
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2364966
reference_id 2364966
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2364966
13
reference_url https://github.com/advisories/GHSA-gjh7-p2fx-99vx
reference_id GHSA-gjh7-p2fx-99vx
reference_type
scores
url https://github.com/advisories/GHSA-gjh7-p2fx-99vx
14
reference_url https://access.redhat.com/errata/RHSA-2025:7604
reference_id RHSA-2025:7604
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7604
15
reference_url https://access.redhat.com/errata/RHSA-2025:7605
reference_id RHSA-2025:7605
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7605
16
reference_url https://access.redhat.com/errata/RHSA-2025:8254
reference_id RHSA-2025:8254
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8254
17
reference_url https://access.redhat.com/errata/RHSA-2025:8256
reference_id RHSA-2025:8256
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8256
18
reference_url https://access.redhat.com/errata/RHSA-2025:8279
reference_id RHSA-2025:8279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8279
19
reference_url https://access.redhat.com/errata/RHSA-2025:8288
reference_id RHSA-2025:8288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8288
20
reference_url https://access.redhat.com/errata/RHSA-2025:8289
reference_id RHSA-2025:8289
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8289
21
reference_url https://access.redhat.com/errata/RHSA-2025:8290
reference_id RHSA-2025:8290
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8290
22
reference_url https://access.redhat.com/errata/RHSA-2025:8291
reference_id RHSA-2025:8291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8291
23
reference_url https://access.redhat.com/errata/RHSA-2025:8319
reference_id RHSA-2025:8319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8319
24
reference_url https://access.redhat.com/errata/RHSA-2025:8322
reference_id RHSA-2025:8322
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8322
25
reference_url https://access.redhat.com/errata/RHSA-2025:8323
reference_id RHSA-2025:8323
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8323
26
reference_url https://access.redhat.com/errata/RHSA-2025:9838
reference_id RHSA-2025:9838
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9838
27
reference_url https://usn.ubuntu.com/7507-1/
reference_id USN-7507-1
reference_type
scores
url https://usn.ubuntu.com/7507-1/
fixed_packages
0
url pkg:gem/rack@2.2.14
purl pkg:gem/rack@2.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8kwp-wuv8-gqf8
9
vulnerability VCID-8rbg-wrmj-1bcu
10
vulnerability VCID-9dqs-zbmn-b7e4
11
vulnerability VCID-dzhg-3hy9-w3gv
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-juuh-9psh-yyar
14
vulnerability VCID-mftr-ma4j-mbhy
15
vulnerability VCID-tjh9-vfdw-7yen
16
vulnerability VCID-v2nc-35z6-2kf6
17
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.14
1
url pkg:gem/rack@3.0.16
purl pkg:gem/rack@3.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-v2nc-35z6-2kf6
16
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.16
2
url pkg:gem/rack@3.1.14
purl pkg:gem/rack@3.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-dzhg-3hy9-w3gv
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-juuh-9psh-yyar
16
vulnerability VCID-mftr-ma4j-mbhy
17
vulnerability VCID-tzca-xm43-xugs
18
vulnerability VCID-v2nc-35z6-2kf6
19
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.14
aliases CVE-2025-46727, GHSA-gjh7-p2fx-99vx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nqds-u1fk-y7ch
27
url VCID-rvwc-cy1n-yffg
vulnerability_id VCID-rvwc-cy1n-yffg
summary rubygem-rack: Possible Log Injection in Rack::CommonLogger
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25184.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25184.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-25184
reference_id
reference_type
scores
0
value 0.01345
scoring_system epss
scoring_elements 0.80354
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-25184
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25184
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25184
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:09:07Z/
url https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e
6
reference_url https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:09:07Z/
url https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-25184.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-25184.yml
8
reference_url https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-25184
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-25184
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098257
reference_id 1098257
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098257
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2345301
reference_id 2345301
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2345301
12
reference_url https://github.com/advisories/GHSA-7g2v-jj9q-g3rg
reference_id GHSA-7g2v-jj9q-g3rg
reference_type
scores
url https://github.com/advisories/GHSA-7g2v-jj9q-g3rg
13
reference_url https://access.redhat.com/errata/RHSA-2025:1985
reference_id RHSA-2025:1985
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1985
14
reference_url https://access.redhat.com/errata/RHSA-2025:7085
reference_id RHSA-2025:7085
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7085
15
reference_url https://usn.ubuntu.com/7366-1/
reference_id USN-7366-1
reference_type
scores
url https://usn.ubuntu.com/7366-1/
16
reference_url https://usn.ubuntu.com/7366-2/
reference_id USN-7366-2
reference_type
scores
url https://usn.ubuntu.com/7366-2/
fixed_packages
0
url pkg:gem/rack@2.2.11
purl pkg:gem/rack@2.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-87hv-57m8-4qey
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dzhg-3hy9-w3gv
13
vulnerability VCID-f6u2-fhux-43f3
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-juuh-9psh-yyar
16
vulnerability VCID-k4w7-sm5v-yqgb
17
vulnerability VCID-mftr-ma4j-mbhy
18
vulnerability VCID-nqds-u1fk-y7ch
19
vulnerability VCID-tjh9-vfdw-7yen
20
vulnerability VCID-v2nc-35z6-2kf6
21
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.11
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
2
url pkg:gem/rack@3.0.12
purl pkg:gem/rack@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-f6u2-fhux-43f3
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-mftr-ma4j-mbhy
16
vulnerability VCID-nqds-u1fk-y7ch
17
vulnerability VCID-tzca-xm43-xugs
18
vulnerability VCID-v2nc-35z6-2kf6
19
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.12
3
url pkg:gem/rack@3.1.10
purl pkg:gem/rack@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-9dqs-zbmn-b7e4
13
vulnerability VCID-dchf-rhvg-zycw
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f6u2-fhux-43f3
16
vulnerability VCID-j3e9-y38h-xbbu
17
vulnerability VCID-juuh-9psh-yyar
18
vulnerability VCID-mftr-ma4j-mbhy
19
vulnerability VCID-nqds-u1fk-y7ch
20
vulnerability VCID-tzca-xm43-xugs
21
vulnerability VCID-v2nc-35z6-2kf6
22
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.10
aliases CVE-2025-25184, GHSA-7g2v-jj9q-g3rg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rvwc-cy1n-yffg
28
url VCID-tjh9-vfdw-7yen
vulnerability_id VCID-tjh9-vfdw-7yen
summary rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59830.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59830.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59830
reference_id
reference_type
scores
0
value 0.00127
scoring_system epss
scoring_elements 0.31734
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59830
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59830
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59830
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-25T16:14:17Z/
url https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71
6
reference_url https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-25T16:14:17Z/
url https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59830
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59830
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116431
reference_id 1116431
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116431
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2398167
reference_id 2398167
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2398167
10
reference_url https://github.com/advisories/GHSA-625h-95r8-8xpm
reference_id GHSA-625h-95r8-8xpm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-625h-95r8-8xpm
11
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
12
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
13
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
14
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
15
reference_url https://access.redhat.com/errata/RHSA-2025:19733
reference_id RHSA-2025:19733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19733
16
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
17
reference_url https://access.redhat.com/errata/RHSA-2025:19736
reference_id RHSA-2025:19736
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19736
18
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
19
reference_url https://access.redhat.com/errata/RHSA-2025:19832
reference_id RHSA-2025:19832
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19832
20
reference_url https://access.redhat.com/errata/RHSA-2025:19855
reference_id RHSA-2025:19855
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19855
21
reference_url https://access.redhat.com/errata/RHSA-2025:19856
reference_id RHSA-2025:19856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19856
22
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
23
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
24
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
25
reference_url https://usn.ubuntu.com/7784-1/
reference_id USN-7784-1
reference_type
scores
url https://usn.ubuntu.com/7784-1/
26
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:gem/rack@2.2.18
purl pkg:gem/rack@2.2.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8kwp-wuv8-gqf8
9
vulnerability VCID-8rbg-wrmj-1bcu
10
vulnerability VCID-9dqs-zbmn-b7e4
11
vulnerability VCID-dzhg-3hy9-w3gv
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-juuh-9psh-yyar
14
vulnerability VCID-mftr-ma4j-mbhy
15
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.18
1
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-3bh7-vrvj-p3g1
2
vulnerability VCID-4umy-say3-ruad
3
vulnerability VCID-5kyg-kwck-akaf
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-dchf-rhvg-zycw
6
vulnerability VCID-f5ev-kfux-n7hj
7
vulnerability VCID-f6u2-fhux-43f3
8
vulnerability VCID-n3cc-pvr9-4bd5
9
vulnerability VCID-tzca-xm43-xugs
10
vulnerability VCID-v2nc-35z6-2kf6
11
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
aliases CVE-2025-59830, GHSA-625h-95r8-8xpm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tjh9-vfdw-7yen
29
url VCID-v2nc-35z6-2kf6
vulnerability_id VCID-v2nc-35z6-2kf6
summary rack: rubygem-rack: Rack Content-Disposition Denial of Service
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49007
reference_id
reference_type
scores
0
value 0.00569
scoring_system epss
scoring_elements 0.68866
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49007
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
4
reference_url https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/
url https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f
5
reference_url https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/
url https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901
6
reference_url https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/
url https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49007
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49007
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107363
reference_id 1107363
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107363
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2370346
reference_id 2370346
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2370346
11
reference_url https://github.com/advisories/GHSA-47m2-26rw-j2jw
reference_id GHSA-47m2-26rw-j2jw
reference_type
scores
url https://github.com/advisories/GHSA-47m2-26rw-j2jw
fixed_packages
0
url pkg:gem/rack@3.1.16
purl pkg:gem/rack@3.1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-dzhg-3hy9-w3gv
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-juuh-9psh-yyar
16
vulnerability VCID-mftr-ma4j-mbhy
17
vulnerability VCID-tzca-xm43-xugs
18
vulnerability VCID-v2nc-35z6-2kf6
19
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.16
aliases CVE-2025-49007, GHSA-47m2-26rw-j2jw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v2nc-35z6-2kf6
30
url VCID-vch5-2deq-euaq
vulnerability_id VCID-vch5-2deq-euaq
summary rack: Rack: Information disclosure via regular expression metacharacters in root path
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34763.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34763.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34763
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12991
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34763
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34763
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:41:04Z/
url https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34763.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34763.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34763
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34763
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454498
reference_id 2454498
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454498
9
reference_url https://github.com/advisories/GHSA-7mqq-6cf9-v2qp
reference_id GHSA-7mqq-6cf9-v2qp
reference_type
scores
url https://github.com/advisories/GHSA-7mqq-6cf9-v2qp
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
1
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
2
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34763, GHSA-7mqq-6cf9-v2qp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vch5-2deq-euaq
31
url VCID-xrut-zyv4-e3bf
vulnerability_id VCID-xrut-zyv4-e3bf
summary 
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
### Summary

```ruby
module Rack
  class MediaType
    SPLIT_PATTERN = %r{\s*[;,]\s*}
```
The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split.

### PoC

A simple HTTP request with lots of blank characters in the content-type header:

```ruby
request["Content-Type"] = (" " * 50_000) + "a,"
```

### Impact

It's a very easy to craft ReDoS. Like all ReDoS the impact is debatable.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25126.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25126.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25126
reference_id
reference_type
scores
0
value 0.0045
scoring_system epss
scoring_elements 0.63937
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25126
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146
5
reference_url https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/
url https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
8
reference_url https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/
url https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462
9
reference_url https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/
url https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49
10
reference_url https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/
url https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml
12
reference_url https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/
url https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25126
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25126
14
reference_url https://security.netapp.com/advisory/ntap-20240510-0005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240510-0005
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516
reference_id 1064516
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2265593
reference_id 2265593
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2265593
17
reference_url https://github.com/advisories/GHSA-22f2-v57c-j9cx
reference_id GHSA-22f2-v57c-j9cx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22f2-v57c-j9cx
18
reference_url https://security.netapp.com/advisory/ntap-20240510-0005/
reference_id ntap-20240510-0005
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/
url https://security.netapp.com/advisory/ntap-20240510-0005/
19
reference_url https://access.redhat.com/errata/RHSA-2024:10806
reference_id RHSA-2024:10806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10806
20
reference_url https://access.redhat.com/errata/RHSA-2024:1841
reference_id RHSA-2024:1841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1841
21
reference_url https://access.redhat.com/errata/RHSA-2024:1846
reference_id RHSA-2024:1846
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1846
22
reference_url https://access.redhat.com/errata/RHSA-2024:2007
reference_id RHSA-2024:2007
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2007
23
reference_url https://access.redhat.com/errata/RHSA-2024:2113
reference_id RHSA-2024:2113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2113
24
reference_url https://access.redhat.com/errata/RHSA-2024:2581
reference_id RHSA-2024:2581
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2581
25
reference_url https://access.redhat.com/errata/RHSA-2024:2584
reference_id RHSA-2024:2584
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2584
26
reference_url https://access.redhat.com/errata/RHSA-2024:2953
reference_id RHSA-2024:2953
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2953
27
reference_url https://access.redhat.com/errata/RHSA-2024:3431
reference_id RHSA-2024:3431
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3431
28
reference_url https://usn.ubuntu.com/6837-1/
reference_id USN-6837-1
reference_type
scores
url https://usn.ubuntu.com/6837-1/
29
reference_url https://usn.ubuntu.com/6837-2/
reference_id USN-6837-2
reference_type
scores
url https://usn.ubuntu.com/6837-2/
30
reference_url https://usn.ubuntu.com/7036-1/
reference_id USN-7036-1
reference_type
scores
url https://usn.ubuntu.com/7036-1/
fixed_packages
0
url pkg:gem/rack@2.2.8.1
purl pkg:gem/rack@2.2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-87hv-57m8-4qey
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dzhg-3hy9-w3gv
13
vulnerability VCID-f6u2-fhux-43f3
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-juuh-9psh-yyar
16
vulnerability VCID-k4w7-sm5v-yqgb
17
vulnerability VCID-mftr-ma4j-mbhy
18
vulnerability VCID-nqds-u1fk-y7ch
19
vulnerability VCID-rvwc-cy1n-yffg
20
vulnerability VCID-tjh9-vfdw-7yen
21
vulnerability VCID-v2nc-35z6-2kf6
22
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.8.1
1
url pkg:gem/rack@3.0.9.1
purl pkg:gem/rack@3.0.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-87hv-57m8-4qey
10
vulnerability VCID-8kwp-wuv8-gqf8
11
vulnerability VCID-8rbg-wrmj-1bcu
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-f6u2-fhux-43f3
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-mftr-ma4j-mbhy
16
vulnerability VCID-nqds-u1fk-y7ch
17
vulnerability VCID-rvwc-cy1n-yffg
18
vulnerability VCID-tzca-xm43-xugs
19
vulnerability VCID-v2nc-35z6-2kf6
20
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1
aliases CVE-2024-25126, GHSA-22f2-v57c-j9cx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xrut-zyv4-e3bf
32
url VCID-y4e1-mh3x-gkep
vulnerability_id VCID-y4e1-mh3x-gkep
summary 
Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8184.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8184.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8184
reference_id
reference_type
scores
0
value 0.00811
scoring_system epss
scoring_elements 0.74534
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8184
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8184
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8184
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8184.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8184.yml
7
reference_url https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
8
reference_url https://hackerone.com/reports/895727
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/895727
9
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html
10
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8184
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8184
12
reference_url https://usn.ubuntu.com/4561-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4561-1
13
reference_url https://usn.ubuntu.com/4561-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4561-1/
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1849141
reference_id 1849141
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1849141
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963477
reference_id 963477
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963477
16
reference_url https://github.com/advisories/GHSA-j6w9-fv6q-3q52
reference_id GHSA-j6w9-fv6q-3q52
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j6w9-fv6q-3q52
17
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
18
reference_url https://usn.ubuntu.com/4561-2/
reference_id USN-4561-2
reference_type
scores
url https://usn.ubuntu.com/4561-2/
19
reference_url https://usn.ubuntu.com/USN-5253-1/
reference_id USN-USN-5253-1
reference_type
scores
url https://usn.ubuntu.com/USN-5253-1/
fixed_packages
0
url pkg:gem/rack@2.1.4
purl pkg:gem/rack@2.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-31yn-1jfq-z7am
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-6hht-91zy-fqdf
9
vulnerability VCID-6t6w-vvzt-fqd9
10
vulnerability VCID-7pey-8xge-1fbz
11
vulnerability VCID-87hv-57m8-4qey
12
vulnerability VCID-8kwp-wuv8-gqf8
13
vulnerability VCID-8rbg-wrmj-1bcu
14
vulnerability VCID-9dqs-zbmn-b7e4
15
vulnerability VCID-dzhg-3hy9-w3gv
16
vulnerability VCID-f5ev-kfux-n7hj
17
vulnerability VCID-f6u2-fhux-43f3
18
vulnerability VCID-h44h-uxra-83cs
19
vulnerability VCID-j3e9-y38h-xbbu
20
vulnerability VCID-juuh-9psh-yyar
21
vulnerability VCID-k4w7-sm5v-yqgb
22
vulnerability VCID-mftr-ma4j-mbhy
23
vulnerability VCID-n3cc-pvr9-4bd5
24
vulnerability VCID-nqds-u1fk-y7ch
25
vulnerability VCID-rvwc-cy1n-yffg
26
vulnerability VCID-tjh9-vfdw-7yen
27
vulnerability VCID-v2nc-35z6-2kf6
28
vulnerability VCID-vch5-2deq-euaq
29
vulnerability VCID-xrut-zyv4-e3bf
30
vulnerability VCID-ya57-9vg9-xka9
31
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4
1
url pkg:gem/rack@2.2.3
purl pkg:gem/rack@2.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5kyg-kwck-akaf
6
vulnerability VCID-5pry-5agj-tygz
7
vulnerability VCID-6hht-91zy-fqdf
8
vulnerability VCID-6t6w-vvzt-fqd9
9
vulnerability VCID-7pey-8xge-1fbz
10
vulnerability VCID-87hv-57m8-4qey
11
vulnerability VCID-8kwp-wuv8-gqf8
12
vulnerability VCID-8rbg-wrmj-1bcu
13
vulnerability VCID-9dqs-zbmn-b7e4
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f5ev-kfux-n7hj
16
vulnerability VCID-f6u2-fhux-43f3
17
vulnerability VCID-h44h-uxra-83cs
18
vulnerability VCID-j3e9-y38h-xbbu
19
vulnerability VCID-juuh-9psh-yyar
20
vulnerability VCID-k4w7-sm5v-yqgb
21
vulnerability VCID-mftr-ma4j-mbhy
22
vulnerability VCID-n3cc-pvr9-4bd5
23
vulnerability VCID-nqds-u1fk-y7ch
24
vulnerability VCID-rvwc-cy1n-yffg
25
vulnerability VCID-tjh9-vfdw-7yen
26
vulnerability VCID-v2nc-35z6-2kf6
27
vulnerability VCID-vch5-2deq-euaq
28
vulnerability VCID-xrut-zyv4-e3bf
29
vulnerability VCID-ya57-9vg9-xka9
30
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.3
aliases CVE-2020-8184, GHSA-j6w9-fv6q-3q52
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y4e1-mh3x-gkep
33
url VCID-ya57-9vg9-xka9
vulnerability_id VCID-ya57-9vg9-xka9
summary 
Rack has possible DoS Vulnerability in Multipart MIME parsing
There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530.

Versions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3

# Impact
The Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected.

All users running an affected release should either upgrade or use one of the workarounds immediately.

# Workarounds
A proxy can be configured to limit the POST body size which will mitigate this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27530.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27530.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27530
reference_id
reference_type
scores
0
value 0.01982
scoring_system epss
scoring_elements 0.83865
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27530
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539
9
reference_url https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/
url https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27530.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27530.yml
13
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27530
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27530
15
reference_url https://security.netapp.com/advisory/ntap-20231208-0015
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231208-0015
16
reference_url https://www.debian.org/security/2023/dsa-5530
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/
url https://www.debian.org/security/2023/dsa-5530
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032803
reference_id 1032803
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032803
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2176477
reference_id 2176477
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2176477
19
reference_url https://github.com/advisories/GHSA-3h57-hmj3-gj3p
reference_id GHSA-3h57-hmj3-gj3p
reference_type
scores
url https://github.com/advisories/GHSA-3h57-hmj3-gj3p
20
reference_url https://security.netapp.com/advisory/ntap-20231208-0015/
reference_id ntap-20231208-0015
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/
url https://security.netapp.com/advisory/ntap-20231208-0015/
21
reference_url https://access.redhat.com/errata/RHSA-2023:1961
reference_id RHSA-2023:1961
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1961
22
reference_url https://access.redhat.com/errata/RHSA-2023:1981
reference_id RHSA-2023:1981
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1981
23
reference_url https://access.redhat.com/errata/RHSA-2023:2652
reference_id RHSA-2023:2652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2652
24
reference_url https://access.redhat.com/errata/RHSA-2023:3082
reference_id RHSA-2023:3082
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3082
25
reference_url https://access.redhat.com/errata/RHSA-2023:3403
reference_id RHSA-2023:3403
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3403
26
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
27
reference_url https://usn.ubuntu.com/6837-1/
reference_id USN-6837-1
reference_type
scores
url https://usn.ubuntu.com/6837-1/
28
reference_url https://usn.ubuntu.com/6905-1/
reference_id USN-6905-1
reference_type
scores
url https://usn.ubuntu.com/6905-1/
29
reference_url https://usn.ubuntu.com/7036-1/
reference_id USN-7036-1
reference_type
scores
url https://usn.ubuntu.com/7036-1/
fixed_packages
0
url pkg:gem/rack@2.0.9.3
purl pkg:gem/rack@2.0.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5kyg-kwck-akaf
6
vulnerability VCID-5pry-5agj-tygz
7
vulnerability VCID-6hht-91zy-fqdf
8
vulnerability VCID-6t6w-vvzt-fqd9
9
vulnerability VCID-7pey-8xge-1fbz
10
vulnerability VCID-87hv-57m8-4qey
11
vulnerability VCID-8kwp-wuv8-gqf8
12
vulnerability VCID-8rbg-wrmj-1bcu
13
vulnerability VCID-9dqs-zbmn-b7e4
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f6u2-fhux-43f3
16
vulnerability VCID-j3e9-y38h-xbbu
17
vulnerability VCID-juuh-9psh-yyar
18
vulnerability VCID-k4w7-sm5v-yqgb
19
vulnerability VCID-mftr-ma4j-mbhy
20
vulnerability VCID-n3cc-pvr9-4bd5
21
vulnerability VCID-nqds-u1fk-y7ch
22
vulnerability VCID-rvwc-cy1n-yffg
23
vulnerability VCID-tjh9-vfdw-7yen
24
vulnerability VCID-v2nc-35z6-2kf6
25
vulnerability VCID-vch5-2deq-euaq
26
vulnerability VCID-xrut-zyv4-e3bf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.3
1
url pkg:gem/rack@2.1.4.3
purl pkg:gem/rack@2.1.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5kyg-kwck-akaf
6
vulnerability VCID-5pry-5agj-tygz
7
vulnerability VCID-6hht-91zy-fqdf
8
vulnerability VCID-6t6w-vvzt-fqd9
9
vulnerability VCID-7pey-8xge-1fbz
10
vulnerability VCID-87hv-57m8-4qey
11
vulnerability VCID-8kwp-wuv8-gqf8
12
vulnerability VCID-8rbg-wrmj-1bcu
13
vulnerability VCID-9dqs-zbmn-b7e4
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f6u2-fhux-43f3
16
vulnerability VCID-j3e9-y38h-xbbu
17
vulnerability VCID-juuh-9psh-yyar
18
vulnerability VCID-k4w7-sm5v-yqgb
19
vulnerability VCID-mftr-ma4j-mbhy
20
vulnerability VCID-n3cc-pvr9-4bd5
21
vulnerability VCID-nqds-u1fk-y7ch
22
vulnerability VCID-rvwc-cy1n-yffg
23
vulnerability VCID-tjh9-vfdw-7yen
24
vulnerability VCID-v2nc-35z6-2kf6
25
vulnerability VCID-vch5-2deq-euaq
26
vulnerability VCID-xrut-zyv4-e3bf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.3
2
url pkg:gem/rack@2.2.6.3
purl pkg:gem/rack@2.2.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5kyg-kwck-akaf
6
vulnerability VCID-5pry-5agj-tygz
7
vulnerability VCID-6hht-91zy-fqdf
8
vulnerability VCID-6t6w-vvzt-fqd9
9
vulnerability VCID-7pey-8xge-1fbz
10
vulnerability VCID-87hv-57m8-4qey
11
vulnerability VCID-8kwp-wuv8-gqf8
12
vulnerability VCID-8rbg-wrmj-1bcu
13
vulnerability VCID-9dqs-zbmn-b7e4
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f6u2-fhux-43f3
16
vulnerability VCID-j3e9-y38h-xbbu
17
vulnerability VCID-juuh-9psh-yyar
18
vulnerability VCID-k4w7-sm5v-yqgb
19
vulnerability VCID-mftr-ma4j-mbhy
20
vulnerability VCID-n3cc-pvr9-4bd5
21
vulnerability VCID-nqds-u1fk-y7ch
22
vulnerability VCID-rvwc-cy1n-yffg
23
vulnerability VCID-tjh9-vfdw-7yen
24
vulnerability VCID-v2nc-35z6-2kf6
25
vulnerability VCID-vch5-2deq-euaq
26
vulnerability VCID-xrut-zyv4-e3bf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.3
3
url pkg:gem/rack@3.0.4.2
purl pkg:gem/rack@3.0.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-3bh7-vrvj-p3g1
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-6hht-91zy-fqdf
9
vulnerability VCID-6t6w-vvzt-fqd9
10
vulnerability VCID-7pey-8xge-1fbz
11
vulnerability VCID-87hv-57m8-4qey
12
vulnerability VCID-8kwp-wuv8-gqf8
13
vulnerability VCID-8rbg-wrmj-1bcu
14
vulnerability VCID-dchf-rhvg-zycw
15
vulnerability VCID-f6u2-fhux-43f3
16
vulnerability VCID-j3e9-y38h-xbbu
17
vulnerability VCID-mftr-ma4j-mbhy
18
vulnerability VCID-n3cc-pvr9-4bd5
19
vulnerability VCID-nqds-u1fk-y7ch
20
vulnerability VCID-rvwc-cy1n-yffg
21
vulnerability VCID-tzca-xm43-xugs
22
vulnerability VCID-v2nc-35z6-2kf6
23
vulnerability VCID-vch5-2deq-euaq
24
vulnerability VCID-xrut-zyv4-e3bf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.2
aliases CVE-2023-27530, GHSA-3h57-hmj3-gj3p, GMS-2023-663
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ya57-9vg9-xka9
34
url VCID-zbqp-syvz-8bb5
vulnerability_id VCID-zbqp-syvz-8bb5
summary 
Denial of service via multipart parsing in Rack
There is a denial of service vulnerability in the multipart parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44572.

Versions Affected: >= 2.0.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.0.1
Impact

Carefully crafted input can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.
Releases

The fixed releases are available at the normal locations.
Workarounds

There are no feasible workarounds for this issue.
Patches

To aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

    2-0-Forbid-control-characters-in-attributes.patch - Patch for 2.0 series
    2-1-Forbid-control-characters-in-attributes.patch - Patch for 2.1 series
    2-2-Forbid-control-characters-in-attributes.patch - Patch for 2.2 series
    3-0-Forbid-control-characters-in-attributes.patch - Patch for 3.0 series
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44572.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44572.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-44572
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.4897
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-44572
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
11
reference_url https://github.com/rack/rack/releases/tag/v3.0.4.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack/releases/tag/v3.0.4.1
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44572.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44572.yml
13
reference_url https://hackerone.com/reports/1639882
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1639882
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-44572
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-44572
15
reference_url https://www.debian.org/security/2023/dsa-5530
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5530
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832
reference_id 1029832
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164722
reference_id 2164722
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164722
18
reference_url https://github.com/advisories/GHSA-rqv2-275x-2jq5
reference_id GHSA-rqv2-275x-2jq5
reference_type
scores
url https://github.com/advisories/GHSA-rqv2-275x-2jq5
19
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
20
reference_url https://usn.ubuntu.com/5910-1/
reference_id USN-5910-1
reference_type
scores
url https://usn.ubuntu.com/5910-1/
21
reference_url https://usn.ubuntu.com/7036-1/
reference_id USN-7036-1
reference_type
scores
url https://usn.ubuntu.com/7036-1/
fixed_packages
0
url pkg:gem/rack@2.0.9.2
purl pkg:gem/rack@2.0.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5kyg-kwck-akaf
6
vulnerability VCID-5pry-5agj-tygz
7
vulnerability VCID-6hht-91zy-fqdf
8
vulnerability VCID-6t6w-vvzt-fqd9
9
vulnerability VCID-7pey-8xge-1fbz
10
vulnerability VCID-87hv-57m8-4qey
11
vulnerability VCID-8kwp-wuv8-gqf8
12
vulnerability VCID-8rbg-wrmj-1bcu
13
vulnerability VCID-9dqs-zbmn-b7e4
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f5ev-kfux-n7hj
16
vulnerability VCID-f6u2-fhux-43f3
17
vulnerability VCID-j3e9-y38h-xbbu
18
vulnerability VCID-juuh-9psh-yyar
19
vulnerability VCID-k4w7-sm5v-yqgb
20
vulnerability VCID-mftr-ma4j-mbhy
21
vulnerability VCID-n3cc-pvr9-4bd5
22
vulnerability VCID-nqds-u1fk-y7ch
23
vulnerability VCID-rvwc-cy1n-yffg
24
vulnerability VCID-tjh9-vfdw-7yen
25
vulnerability VCID-v2nc-35z6-2kf6
26
vulnerability VCID-vch5-2deq-euaq
27
vulnerability VCID-xrut-zyv4-e3bf
28
vulnerability VCID-ya57-9vg9-xka9
29
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.2
1
url pkg:gem/rack@2.1.4.2
purl pkg:gem/rack@2.1.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5kyg-kwck-akaf
6
vulnerability VCID-5pry-5agj-tygz
7
vulnerability VCID-6hht-91zy-fqdf
8
vulnerability VCID-6t6w-vvzt-fqd9
9
vulnerability VCID-7pey-8xge-1fbz
10
vulnerability VCID-87hv-57m8-4qey
11
vulnerability VCID-8kwp-wuv8-gqf8
12
vulnerability VCID-8rbg-wrmj-1bcu
13
vulnerability VCID-9dqs-zbmn-b7e4
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f5ev-kfux-n7hj
16
vulnerability VCID-f6u2-fhux-43f3
17
vulnerability VCID-j3e9-y38h-xbbu
18
vulnerability VCID-juuh-9psh-yyar
19
vulnerability VCID-k4w7-sm5v-yqgb
20
vulnerability VCID-mftr-ma4j-mbhy
21
vulnerability VCID-n3cc-pvr9-4bd5
22
vulnerability VCID-nqds-u1fk-y7ch
23
vulnerability VCID-rvwc-cy1n-yffg
24
vulnerability VCID-tjh9-vfdw-7yen
25
vulnerability VCID-v2nc-35z6-2kf6
26
vulnerability VCID-vch5-2deq-euaq
27
vulnerability VCID-xrut-zyv4-e3bf
28
vulnerability VCID-ya57-9vg9-xka9
29
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.2
2
url pkg:gem/rack@2.2.5
purl pkg:gem/rack@2.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5kyg-kwck-akaf
6
vulnerability VCID-5pry-5agj-tygz
7
vulnerability VCID-6hht-91zy-fqdf
8
vulnerability VCID-6t6w-vvzt-fqd9
9
vulnerability VCID-7pey-8xge-1fbz
10
vulnerability VCID-87hv-57m8-4qey
11
vulnerability VCID-8kwp-wuv8-gqf8
12
vulnerability VCID-8rbg-wrmj-1bcu
13
vulnerability VCID-9dqs-zbmn-b7e4
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f5ev-kfux-n7hj
16
vulnerability VCID-f6u2-fhux-43f3
17
vulnerability VCID-h44h-uxra-83cs
18
vulnerability VCID-j3e9-y38h-xbbu
19
vulnerability VCID-juuh-9psh-yyar
20
vulnerability VCID-k4w7-sm5v-yqgb
21
vulnerability VCID-mftr-ma4j-mbhy
22
vulnerability VCID-n3cc-pvr9-4bd5
23
vulnerability VCID-nqds-u1fk-y7ch
24
vulnerability VCID-rvwc-cy1n-yffg
25
vulnerability VCID-tjh9-vfdw-7yen
26
vulnerability VCID-v2nc-35z6-2kf6
27
vulnerability VCID-vch5-2deq-euaq
28
vulnerability VCID-xrut-zyv4-e3bf
29
vulnerability VCID-ya57-9vg9-xka9
30
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.5
3
url pkg:gem/rack@2.2.6.1
purl pkg:gem/rack@2.2.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5kyg-kwck-akaf
6
vulnerability VCID-5pry-5agj-tygz
7
vulnerability VCID-6hht-91zy-fqdf
8
vulnerability VCID-6t6w-vvzt-fqd9
9
vulnerability VCID-7pey-8xge-1fbz
10
vulnerability VCID-87hv-57m8-4qey
11
vulnerability VCID-8kwp-wuv8-gqf8
12
vulnerability VCID-8rbg-wrmj-1bcu
13
vulnerability VCID-9dqs-zbmn-b7e4
14
vulnerability VCID-dzhg-3hy9-w3gv
15
vulnerability VCID-f5ev-kfux-n7hj
16
vulnerability VCID-f6u2-fhux-43f3
17
vulnerability VCID-h44h-uxra-83cs
18
vulnerability VCID-j3e9-y38h-xbbu
19
vulnerability VCID-juuh-9psh-yyar
20
vulnerability VCID-k4w7-sm5v-yqgb
21
vulnerability VCID-mftr-ma4j-mbhy
22
vulnerability VCID-n3cc-pvr9-4bd5
23
vulnerability VCID-nqds-u1fk-y7ch
24
vulnerability VCID-rvwc-cy1n-yffg
25
vulnerability VCID-tjh9-vfdw-7yen
26
vulnerability VCID-v2nc-35z6-2kf6
27
vulnerability VCID-vch5-2deq-euaq
28
vulnerability VCID-xrut-zyv4-e3bf
29
vulnerability VCID-ya57-9vg9-xka9
30
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.1
4
url pkg:gem/rack@3.0.4.1
purl pkg:gem/rack@3.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-3bh7-vrvj-p3g1
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-6hht-91zy-fqdf
9
vulnerability VCID-6t6w-vvzt-fqd9
10
vulnerability VCID-7pey-8xge-1fbz
11
vulnerability VCID-87hv-57m8-4qey
12
vulnerability VCID-8kwp-wuv8-gqf8
13
vulnerability VCID-8rbg-wrmj-1bcu
14
vulnerability VCID-dchf-rhvg-zycw
15
vulnerability VCID-f6u2-fhux-43f3
16
vulnerability VCID-j3e9-y38h-xbbu
17
vulnerability VCID-mftr-ma4j-mbhy
18
vulnerability VCID-n3cc-pvr9-4bd5
19
vulnerability VCID-nqds-u1fk-y7ch
20
vulnerability VCID-rvwc-cy1n-yffg
21
vulnerability VCID-tzca-xm43-xugs
22
vulnerability VCID-v2nc-35z6-2kf6
23
vulnerability VCID-vch5-2deq-euaq
24
vulnerability VCID-xrut-zyv4-e3bf
25
vulnerability VCID-ya57-9vg9-xka9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1
aliases CVE-2022-44572, GHSA-rqv2-275x-2jq5, GMS-2023-66
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zbqp-syvz-8bb5
Fixing_vulnerabilities
0
url VCID-1av1-ssfc-8ffn
vulnerability_id VCID-1av1-ssfc-8ffn
summary 
Moderate severity vulnerability that affects rack
Withdrawn, accidental duplicate publish.

lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
references
0
reference_url https://github.com/advisories/GHSA-9vc2-p34x-jhxh
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9vc2-p34x-jhxh
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3225
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3225
fixed_packages
0
url pkg:gem/rack@1.4.6
purl pkg:gem/rack@1.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-31yn-1jfq-z7am
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-6hht-91zy-fqdf
9
vulnerability VCID-6t6w-vvzt-fqd9
10
vulnerability VCID-7pey-8xge-1fbz
11
vulnerability VCID-87hv-57m8-4qey
12
vulnerability VCID-8kwp-wuv8-gqf8
13
vulnerability VCID-8rbg-wrmj-1bcu
14
vulnerability VCID-9dqs-zbmn-b7e4
15
vulnerability VCID-dzhg-3hy9-w3gv
16
vulnerability VCID-f5ev-kfux-n7hj
17
vulnerability VCID-f6u2-fhux-43f3
18
vulnerability VCID-j3e9-y38h-xbbu
19
vulnerability VCID-juuh-9psh-yyar
20
vulnerability VCID-k4w7-sm5v-yqgb
21
vulnerability VCID-mac4-2zg3-q3dg
22
vulnerability VCID-mftr-ma4j-mbhy
23
vulnerability VCID-n3cc-pvr9-4bd5
24
vulnerability VCID-nqds-u1fk-y7ch
25
vulnerability VCID-rvwc-cy1n-yffg
26
vulnerability VCID-tjh9-vfdw-7yen
27
vulnerability VCID-v2nc-35z6-2kf6
28
vulnerability VCID-vch5-2deq-euaq
29
vulnerability VCID-xrut-zyv4-e3bf
30
vulnerability VCID-y4e1-mh3x-gkep
31
vulnerability VCID-ya57-9vg9-xka9
32
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.6
1
url pkg:gem/rack@1.5.4
purl pkg:gem/rack@1.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-31yn-1jfq-z7am
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-6hht-91zy-fqdf
9
vulnerability VCID-6t6w-vvzt-fqd9
10
vulnerability VCID-7pey-8xge-1fbz
11
vulnerability VCID-87hv-57m8-4qey
12
vulnerability VCID-8kwp-wuv8-gqf8
13
vulnerability VCID-8rbg-wrmj-1bcu
14
vulnerability VCID-9dqs-zbmn-b7e4
15
vulnerability VCID-dzhg-3hy9-w3gv
16
vulnerability VCID-f5ev-kfux-n7hj
17
vulnerability VCID-f6u2-fhux-43f3
18
vulnerability VCID-h44h-uxra-83cs
19
vulnerability VCID-j3e9-y38h-xbbu
20
vulnerability VCID-juuh-9psh-yyar
21
vulnerability VCID-k4w7-sm5v-yqgb
22
vulnerability VCID-mac4-2zg3-q3dg
23
vulnerability VCID-mftr-ma4j-mbhy
24
vulnerability VCID-n3cc-pvr9-4bd5
25
vulnerability VCID-nqds-u1fk-y7ch
26
vulnerability VCID-rvwc-cy1n-yffg
27
vulnerability VCID-tjh9-vfdw-7yen
28
vulnerability VCID-v2nc-35z6-2kf6
29
vulnerability VCID-vch5-2deq-euaq
30
vulnerability VCID-xrut-zyv4-e3bf
31
vulnerability VCID-y4e1-mh3x-gkep
32
vulnerability VCID-ya57-9vg9-xka9
33
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.4
2
url pkg:gem/rack@1.6.2
purl pkg:gem/rack@1.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-31yn-1jfq-z7am
5
vulnerability VCID-3c3t-sa76-j3bv
6
vulnerability VCID-4umy-say3-ruad
7
vulnerability VCID-5kyg-kwck-akaf
8
vulnerability VCID-5pry-5agj-tygz
9
vulnerability VCID-6hht-91zy-fqdf
10
vulnerability VCID-6t6w-vvzt-fqd9
11
vulnerability VCID-7pey-8xge-1fbz
12
vulnerability VCID-87hv-57m8-4qey
13
vulnerability VCID-8kwp-wuv8-gqf8
14
vulnerability VCID-8rbg-wrmj-1bcu
15
vulnerability VCID-9dqs-zbmn-b7e4
16
vulnerability VCID-dzhg-3hy9-w3gv
17
vulnerability VCID-f5ev-kfux-n7hj
18
vulnerability VCID-f6u2-fhux-43f3
19
vulnerability VCID-h44h-uxra-83cs
20
vulnerability VCID-j3e9-y38h-xbbu
21
vulnerability VCID-juuh-9psh-yyar
22
vulnerability VCID-k4w7-sm5v-yqgb
23
vulnerability VCID-mac4-2zg3-q3dg
24
vulnerability VCID-mftr-ma4j-mbhy
25
vulnerability VCID-n3cc-pvr9-4bd5
26
vulnerability VCID-nqds-u1fk-y7ch
27
vulnerability VCID-rvwc-cy1n-yffg
28
vulnerability VCID-tjh9-vfdw-7yen
29
vulnerability VCID-v2nc-35z6-2kf6
30
vulnerability VCID-vch5-2deq-euaq
31
vulnerability VCID-xrut-zyv4-e3bf
32
vulnerability VCID-y4e1-mh3x-gkep
33
vulnerability VCID-ya57-9vg9-xka9
34
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.2
aliases GHSA-9vc2-p34x-jhxh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1av1-ssfc-8ffn
1
url VCID-rg39-bur5-67e3
vulnerability_id VCID-rg39-bur5-67e3
summary 
Rack vulnerable to Denial of Service via large parameter depth request
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html
5
reference_url http://openwall.com/lists/oss-security/2015/06/16/14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2015/06/16/14
6
reference_url http://rhn.redhat.com/errata/RHSA-2015-2290.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-2290.html
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3225.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3225.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3225
reference_id
reference_type
scores
0
value 0.13251
scoring_system epss
scoring_elements 0.94266
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3225
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225
10
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
11
reference_url https://github.com/rack/rack/blob/master/HISTORY.md
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack/blob/master/HISTORY.md
12
reference_url https://github.com/rack/rack/commits/1.4.6
reference_id
reference_type
scores
url https://github.com/rack/rack/commits/1.4.6
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml
14
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3225
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3225
16
reference_url http://www.debian.org/security/2015/dsa-3322
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3322
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1232292
reference_id 1232292
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1232292
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789311
reference_id 789311
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789311
19
reference_url https://github.com/advisories/GHSA-rgr4-9jh5-j4j6
reference_id GHSA-rgr4-9jh5-j4j6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rgr4-9jh5-j4j6
20
reference_url https://access.redhat.com/errata/RHSA-2015:2290
reference_id RHSA-2015:2290
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:2290
fixed_packages
0
url pkg:gem/rack@1.4.6
purl pkg:gem/rack@1.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-31yn-1jfq-z7am
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-6hht-91zy-fqdf
9
vulnerability VCID-6t6w-vvzt-fqd9
10
vulnerability VCID-7pey-8xge-1fbz
11
vulnerability VCID-87hv-57m8-4qey
12
vulnerability VCID-8kwp-wuv8-gqf8
13
vulnerability VCID-8rbg-wrmj-1bcu
14
vulnerability VCID-9dqs-zbmn-b7e4
15
vulnerability VCID-dzhg-3hy9-w3gv
16
vulnerability VCID-f5ev-kfux-n7hj
17
vulnerability VCID-f6u2-fhux-43f3
18
vulnerability VCID-j3e9-y38h-xbbu
19
vulnerability VCID-juuh-9psh-yyar
20
vulnerability VCID-k4w7-sm5v-yqgb
21
vulnerability VCID-mac4-2zg3-q3dg
22
vulnerability VCID-mftr-ma4j-mbhy
23
vulnerability VCID-n3cc-pvr9-4bd5
24
vulnerability VCID-nqds-u1fk-y7ch
25
vulnerability VCID-rvwc-cy1n-yffg
26
vulnerability VCID-tjh9-vfdw-7yen
27
vulnerability VCID-v2nc-35z6-2kf6
28
vulnerability VCID-vch5-2deq-euaq
29
vulnerability VCID-xrut-zyv4-e3bf
30
vulnerability VCID-y4e1-mh3x-gkep
31
vulnerability VCID-ya57-9vg9-xka9
32
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.6
1
url pkg:gem/rack@1.5.0.beta.1
purl pkg:gem/rack@1.5.0.beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-31yn-1jfq-z7am
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-64vt-66fw-53dk
9
vulnerability VCID-6hht-91zy-fqdf
10
vulnerability VCID-6t6w-vvzt-fqd9
11
vulnerability VCID-7pey-8xge-1fbz
12
vulnerability VCID-87hv-57m8-4qey
13
vulnerability VCID-8kwp-wuv8-gqf8
14
vulnerability VCID-8rbg-wrmj-1bcu
15
vulnerability VCID-9dqs-zbmn-b7e4
16
vulnerability VCID-a6k6-15zc-duaw
17
vulnerability VCID-dzhg-3hy9-w3gv
18
vulnerability VCID-f5ev-kfux-n7hj
19
vulnerability VCID-f6u2-fhux-43f3
20
vulnerability VCID-j3e9-y38h-xbbu
21
vulnerability VCID-juuh-9psh-yyar
22
vulnerability VCID-k4w7-sm5v-yqgb
23
vulnerability VCID-mac4-2zg3-q3dg
24
vulnerability VCID-mftr-ma4j-mbhy
25
vulnerability VCID-n3cc-pvr9-4bd5
26
vulnerability VCID-nqds-u1fk-y7ch
27
vulnerability VCID-rg39-bur5-67e3
28
vulnerability VCID-rvwc-cy1n-yffg
29
vulnerability VCID-sfcw-t1ch-b7dr
30
vulnerability VCID-tjh9-vfdw-7yen
31
vulnerability VCID-v2nc-35z6-2kf6
32
vulnerability VCID-vch5-2deq-euaq
33
vulnerability VCID-xrut-zyv4-e3bf
34
vulnerability VCID-y4e1-mh3x-gkep
35
vulnerability VCID-ya57-9vg9-xka9
36
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.0.beta.1
2
url pkg:gem/rack@1.5.4
purl pkg:gem/rack@1.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-31yn-1jfq-z7am
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-6hht-91zy-fqdf
9
vulnerability VCID-6t6w-vvzt-fqd9
10
vulnerability VCID-7pey-8xge-1fbz
11
vulnerability VCID-87hv-57m8-4qey
12
vulnerability VCID-8kwp-wuv8-gqf8
13
vulnerability VCID-8rbg-wrmj-1bcu
14
vulnerability VCID-9dqs-zbmn-b7e4
15
vulnerability VCID-dzhg-3hy9-w3gv
16
vulnerability VCID-f5ev-kfux-n7hj
17
vulnerability VCID-f6u2-fhux-43f3
18
vulnerability VCID-h44h-uxra-83cs
19
vulnerability VCID-j3e9-y38h-xbbu
20
vulnerability VCID-juuh-9psh-yyar
21
vulnerability VCID-k4w7-sm5v-yqgb
22
vulnerability VCID-mac4-2zg3-q3dg
23
vulnerability VCID-mftr-ma4j-mbhy
24
vulnerability VCID-n3cc-pvr9-4bd5
25
vulnerability VCID-nqds-u1fk-y7ch
26
vulnerability VCID-rvwc-cy1n-yffg
27
vulnerability VCID-tjh9-vfdw-7yen
28
vulnerability VCID-v2nc-35z6-2kf6
29
vulnerability VCID-vch5-2deq-euaq
30
vulnerability VCID-xrut-zyv4-e3bf
31
vulnerability VCID-y4e1-mh3x-gkep
32
vulnerability VCID-ya57-9vg9-xka9
33
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.4
3
url pkg:gem/rack@1.6.0.beta
purl pkg:gem/rack@1.6.0.beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-31yn-1jfq-z7am
5
vulnerability VCID-4umy-say3-ruad
6
vulnerability VCID-5kyg-kwck-akaf
7
vulnerability VCID-5pry-5agj-tygz
8
vulnerability VCID-6hht-91zy-fqdf
9
vulnerability VCID-6t6w-vvzt-fqd9
10
vulnerability VCID-7pey-8xge-1fbz
11
vulnerability VCID-87hv-57m8-4qey
12
vulnerability VCID-8kwp-wuv8-gqf8
13
vulnerability VCID-8rbg-wrmj-1bcu
14
vulnerability VCID-9dqs-zbmn-b7e4
15
vulnerability VCID-dzhg-3hy9-w3gv
16
vulnerability VCID-f5ev-kfux-n7hj
17
vulnerability VCID-f6u2-fhux-43f3
18
vulnerability VCID-h44h-uxra-83cs
19
vulnerability VCID-j3e9-y38h-xbbu
20
vulnerability VCID-juuh-9psh-yyar
21
vulnerability VCID-k4w7-sm5v-yqgb
22
vulnerability VCID-mac4-2zg3-q3dg
23
vulnerability VCID-mftr-ma4j-mbhy
24
vulnerability VCID-n3cc-pvr9-4bd5
25
vulnerability VCID-nqds-u1fk-y7ch
26
vulnerability VCID-rg39-bur5-67e3
27
vulnerability VCID-rvwc-cy1n-yffg
28
vulnerability VCID-tjh9-vfdw-7yen
29
vulnerability VCID-v2nc-35z6-2kf6
30
vulnerability VCID-vch5-2deq-euaq
31
vulnerability VCID-xrut-zyv4-e3bf
32
vulnerability VCID-y4e1-mh3x-gkep
33
vulnerability VCID-ya57-9vg9-xka9
34
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.0.beta
4
url pkg:gem/rack@1.6.2
purl pkg:gem/rack@1.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nzv-zger-fka9
1
vulnerability VCID-1pt2-23bn-7qev
2
vulnerability VCID-21pz-m7dy-8bey
3
vulnerability VCID-2zdv-mr4w-zkfg
4
vulnerability VCID-31yn-1jfq-z7am
5
vulnerability VCID-3c3t-sa76-j3bv
6
vulnerability VCID-4umy-say3-ruad
7
vulnerability VCID-5kyg-kwck-akaf
8
vulnerability VCID-5pry-5agj-tygz
9
vulnerability VCID-6hht-91zy-fqdf
10
vulnerability VCID-6t6w-vvzt-fqd9
11
vulnerability VCID-7pey-8xge-1fbz
12
vulnerability VCID-87hv-57m8-4qey
13
vulnerability VCID-8kwp-wuv8-gqf8
14
vulnerability VCID-8rbg-wrmj-1bcu
15
vulnerability VCID-9dqs-zbmn-b7e4
16
vulnerability VCID-dzhg-3hy9-w3gv
17
vulnerability VCID-f5ev-kfux-n7hj
18
vulnerability VCID-f6u2-fhux-43f3
19
vulnerability VCID-h44h-uxra-83cs
20
vulnerability VCID-j3e9-y38h-xbbu
21
vulnerability VCID-juuh-9psh-yyar
22
vulnerability VCID-k4w7-sm5v-yqgb
23
vulnerability VCID-mac4-2zg3-q3dg
24
vulnerability VCID-mftr-ma4j-mbhy
25
vulnerability VCID-n3cc-pvr9-4bd5
26
vulnerability VCID-nqds-u1fk-y7ch
27
vulnerability VCID-rvwc-cy1n-yffg
28
vulnerability VCID-tjh9-vfdw-7yen
29
vulnerability VCID-v2nc-35z6-2kf6
30
vulnerability VCID-vch5-2deq-euaq
31
vulnerability VCID-xrut-zyv4-e3bf
32
vulnerability VCID-y4e1-mh3x-gkep
33
vulnerability VCID-ya57-9vg9-xka9
34
vulnerability VCID-zbqp-syvz-8bb5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.2
aliases CVE-2015-3225, GHSA-rgr4-9jh5-j4j6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rg39-bur5-67e3
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.2