Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/rack@3.1.14
Typegem
Namespace
Namerack
Version3.1.14
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.1.21
Latest_non_vulnerable_version3.2.6
Affected_by_vulnerabilities
0
url VCID-1pt2-23bn-7qev
vulnerability_id VCID-1pt2-23bn-7qev
summary rack: Rack: HTTP response desynchronization via incorrect Content-Length calculation with UTF-8 characters
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34831.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34831.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34831
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12991
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34831
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34831
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-q2ww-5357-x388
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:43:52Z/
url https://github.com/rack/rack/security/advisories/GHSA-q2ww-5357-x388
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34831.yml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34831.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34831
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34831
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454504
reference_id 2454504
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454504
9
reference_url https://github.com/advisories/GHSA-q2ww-5357-x388
reference_id GHSA-q2ww-5357-x388
reference_type
scores
url https://github.com/advisories/GHSA-q2ww-5357-x388
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
1
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34831, GHSA-q2ww-5357-x388
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1pt2-23bn-7qev
1
url VCID-21pz-m7dy-8bey
vulnerability_id VCID-21pz-m7dy-8bey
summary github.com/rack/rack: Rack: Content smuggling via multipart boundary parsing mismatch
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26961.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26961.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26961
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02889
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26961
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26961
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26961
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-vgpv-f759-9wx3
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements
1
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:57:50Z/
url https://github.com/rack/rack/security/advisories/GHSA-vgpv-f759-9wx3
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-26961.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-26961.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26961
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26961
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454483
reference_id 2454483
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454483
9
reference_url https://github.com/advisories/GHSA-vgpv-f759-9wx3
reference_id GHSA-vgpv-f759-9wx3
reference_type
scores
url https://github.com/advisories/GHSA-vgpv-f759-9wx3
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
1
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-26961, GHSA-vgpv-f759-9wx3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-21pz-m7dy-8bey
2
url VCID-2zdv-mr4w-zkfg
vulnerability_id VCID-2zdv-mr4w-zkfg
summary rubygem-rack: Improper handling of headers in `Rack::Sendfile` may allow proxy bypass
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61780
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01466
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61780
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61780
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61780
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/
url https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784
6
reference_url https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/
url https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a
7
reference_url https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/
url https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements
1
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/
url https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61780
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61780
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855
reference_id 1117855
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403126
reference_id 2403126
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403126
13
reference_url https://github.com/advisories/GHSA-r657-rxjc-j557
reference_id GHSA-r657-rxjc-j557
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r657-rxjc-j557
14
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:gem/rack@3.1.18
purl pkg:gem/rack@3.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8rbg-wrmj-1bcu
9
vulnerability VCID-dchf-rhvg-zycw
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-tzca-xm43-xugs
13
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.18
1
url pkg:gem/rack@3.2.3
purl pkg:gem/rack@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8rbg-wrmj-1bcu
9
vulnerability VCID-dchf-rhvg-zycw
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-tzca-xm43-xugs
13
vulnerability VCID-vch5-2deq-euaq
14
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.3
aliases CVE-2025-61780, GHSA-r657-rxjc-j557
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2zdv-mr4w-zkfg
3
url VCID-3bh7-vrvj-p3g1
vulnerability_id VCID-3bh7-vrvj-p3g1
summary rack: Rack: Parameter smuggling via improper Forwarded header parsing
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32762.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32762.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32762
reference_id
reference_type
scores
0
value 0.00048
scoring_system epss
scoring_elements 0.15406
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32762
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32762
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32762
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-qfgr-crr9-7r49
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:42:32Z/
url https://github.com/rack/rack/security/advisories/GHSA-qfgr-crr9-7r49
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-32762.yml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-32762.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32762
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32762
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454489
reference_id 2454489
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454489
9
reference_url https://github.com/advisories/GHSA-qfgr-crr9-7r49
reference_id GHSA-qfgr-crr9-7r49
reference_type
scores
url https://github.com/advisories/GHSA-qfgr-crr9-7r49
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
1
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-32762, GHSA-qfgr-crr9-7r49
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3bh7-vrvj-p3g1
4
url VCID-4umy-say3-ruad
vulnerability_id VCID-4umy-say3-ruad
summary rubygem-rack: Rack stored XSS in Rack::Directory
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25500.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25500.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25500
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07554
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25500
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25500
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25500
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:42:04Z/
url https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff
6
reference_url https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:42:04Z/
url https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25500
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25500
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128480
reference_id 1128480
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128480
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440738
reference_id 2440738
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2440738
11
reference_url https://github.com/advisories/GHSA-whrj-4476-wvmp
reference_id GHSA-whrj-4476-wvmp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-whrj-4476-wvmp
12
reference_url https://usn.ubuntu.com/8066-1/
reference_id USN-8066-1
reference_type
scores
url https://usn.ubuntu.com/8066-1/
fixed_packages
0
url pkg:gem/rack@3.1.20
purl pkg:gem/rack@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-6hht-91zy-fqdf
4
vulnerability VCID-6t6w-vvzt-fqd9
5
vulnerability VCID-7pey-8xge-1fbz
6
vulnerability VCID-8rbg-wrmj-1bcu
7
vulnerability VCID-dchf-rhvg-zycw
8
vulnerability VCID-j3e9-y38h-xbbu
9
vulnerability VCID-mftr-ma4j-mbhy
10
vulnerability VCID-tzca-xm43-xugs
11
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.20
1
url pkg:gem/rack@3.2.5
purl pkg:gem/rack@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-6hht-91zy-fqdf
4
vulnerability VCID-6t6w-vvzt-fqd9
5
vulnerability VCID-7pey-8xge-1fbz
6
vulnerability VCID-8rbg-wrmj-1bcu
7
vulnerability VCID-dchf-rhvg-zycw
8
vulnerability VCID-j3e9-y38h-xbbu
9
vulnerability VCID-mftr-ma4j-mbhy
10
vulnerability VCID-tzca-xm43-xugs
11
vulnerability VCID-vch5-2deq-euaq
12
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.5
aliases CVE-2026-25500, GHSA-whrj-4476-wvmp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4umy-say3-ruad
5
url VCID-5pry-5agj-tygz
vulnerability_id VCID-5pry-5agj-tygz
summary rubygem-rack: Rack Directory Traversal via Rack:Directory
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22860.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22860.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22860
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31135
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22860
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22860
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22860
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:27:31Z/
url https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7
6
reference_url https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:27:31Z/
url https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22860
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22860
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128479
reference_id 1128479
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128479
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440737
reference_id 2440737
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2440737
11
reference_url https://github.com/advisories/GHSA-mxw3-3hh2-x2mh
reference_id GHSA-mxw3-3hh2-x2mh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mxw3-3hh2-x2mh
12
reference_url https://usn.ubuntu.com/8066-1/
reference_id USN-8066-1
reference_type
scores
url https://usn.ubuntu.com/8066-1/
fixed_packages
0
url pkg:gem/rack@3.1.20
purl pkg:gem/rack@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-6hht-91zy-fqdf
4
vulnerability VCID-6t6w-vvzt-fqd9
5
vulnerability VCID-7pey-8xge-1fbz
6
vulnerability VCID-8rbg-wrmj-1bcu
7
vulnerability VCID-dchf-rhvg-zycw
8
vulnerability VCID-j3e9-y38h-xbbu
9
vulnerability VCID-mftr-ma4j-mbhy
10
vulnerability VCID-tzca-xm43-xugs
11
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.20
1
url pkg:gem/rack@3.2.5
purl pkg:gem/rack@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-6hht-91zy-fqdf
4
vulnerability VCID-6t6w-vvzt-fqd9
5
vulnerability VCID-7pey-8xge-1fbz
6
vulnerability VCID-8rbg-wrmj-1bcu
7
vulnerability VCID-dchf-rhvg-zycw
8
vulnerability VCID-j3e9-y38h-xbbu
9
vulnerability VCID-mftr-ma4j-mbhy
10
vulnerability VCID-tzca-xm43-xugs
11
vulnerability VCID-vch5-2deq-euaq
12
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.5
aliases CVE-2026-22860, GHSA-mxw3-3hh2-x2mh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5pry-5agj-tygz
6
url VCID-6hht-91zy-fqdf
vulnerability_id VCID-6hht-91zy-fqdf
summary rack: Rack: Denial of Service via crafted Accept-Encoding header
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34230.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34230.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34230
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06608
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34230
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34230
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34230
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:56:03Z/
url https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34230.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34230.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34230
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34230
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454493
reference_id 2454493
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454493
9
reference_url https://github.com/advisories/GHSA-v569-hp3g-36wr
reference_id GHSA-v569-hp3g-36wr
reference_type
scores
url https://github.com/advisories/GHSA-v569-hp3g-36wr
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
1
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34230, GHSA-v569-hp3g-36wr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6hht-91zy-fqdf
7
url VCID-6t6w-vvzt-fqd9
vulnerability_id VCID-6t6w-vvzt-fqd9
summary github.com/rack/rack: Rack: Information disclosure via incorrect static file serving prefix check
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34785
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14816
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34785
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34785
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34785
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:58:57Z/
url https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34785.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34785.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34785
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34785
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454486
reference_id 2454486
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454486
9
reference_url https://github.com/advisories/GHSA-h2jq-g4cq-5ppq
reference_id GHSA-h2jq-g4cq-5ppq
reference_type
scores
url https://github.com/advisories/GHSA-h2jq-g4cq-5ppq
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
1
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34785, GHSA-h2jq-g4cq-5ppq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6t6w-vvzt-fqd9
8
url VCID-7pey-8xge-1fbz
vulnerability_id VCID-7pey-8xge-1fbz
summary rack: Rack: Denial of Service via unbounded multipart file upload
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34829
reference_id
reference_type
scores
0
value 0.00065
scoring_system epss
scoring_elements 0.20368
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34829
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34829
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34829
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:41:27Z/
url https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34829.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34829.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34829
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34829
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454488
reference_id 2454488
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454488
9
reference_url https://github.com/advisories/GHSA-8vqr-qjwx-82mw
reference_id GHSA-8vqr-qjwx-82mw
reference_type
scores
url https://github.com/advisories/GHSA-8vqr-qjwx-82mw
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
1
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34829, GHSA-8vqr-qjwx-82mw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7pey-8xge-1fbz
9
url VCID-8kwp-wuv8-gqf8
vulnerability_id VCID-8kwp-wuv8-gqf8
summary rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61919
reference_id
reference_type
scores
0
value 0.00282
scoring_system epss
scoring_elements 0.51764
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61919
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/
url https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881
6
reference_url https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/
url https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db
7
reference_url https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/
url https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/
url https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61919
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61919
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856
reference_id 1117856
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403180
reference_id 2403180
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403180
13
reference_url https://github.com/advisories/GHSA-6xw4-3v39-52mm
reference_id GHSA-6xw4-3v39-52mm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xw4-3v39-52mm
14
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
15
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
16
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
17
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
18
reference_url https://access.redhat.com/errata/RHSA-2025:19733
reference_id RHSA-2025:19733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19733
19
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
20
reference_url https://access.redhat.com/errata/RHSA-2025:19736
reference_id RHSA-2025:19736
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19736
21
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
22
reference_url https://access.redhat.com/errata/RHSA-2025:19832
reference_id RHSA-2025:19832
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19832
23
reference_url https://access.redhat.com/errata/RHSA-2025:19855
reference_id RHSA-2025:19855
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19855
24
reference_url https://access.redhat.com/errata/RHSA-2025:19856
reference_id RHSA-2025:19856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19856
25
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
26
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
27
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
28
reference_url https://access.redhat.com/errata/RHSA-2025:21696
reference_id RHSA-2025:21696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21696
29
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:gem/rack@3.1.18
purl pkg:gem/rack@3.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8rbg-wrmj-1bcu
9
vulnerability VCID-dchf-rhvg-zycw
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-tzca-xm43-xugs
13
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.18
1
url pkg:gem/rack@3.2.3
purl pkg:gem/rack@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-3bh7-vrvj-p3g1
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8rbg-wrmj-1bcu
9
vulnerability VCID-dchf-rhvg-zycw
10
vulnerability VCID-j3e9-y38h-xbbu
11
vulnerability VCID-mftr-ma4j-mbhy
12
vulnerability VCID-tzca-xm43-xugs
13
vulnerability VCID-vch5-2deq-euaq
14
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.3
aliases CVE-2025-61919, GHSA-6xw4-3v39-52mm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8kwp-wuv8-gqf8
10
url VCID-8rbg-wrmj-1bcu
vulnerability_id VCID-8rbg-wrmj-1bcu
summary rack: Rack: Information disclosure via regular expression injection in X-Accel-Mapping header
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34830
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14816
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34830
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34830
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34830
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:59:36Z/
url https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34830.yml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34830.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34830
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34830
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454510
reference_id 2454510
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454510
9
reference_url https://github.com/advisories/GHSA-qv7j-4883-hwh7
reference_id GHSA-qv7j-4883-hwh7
reference_type
scores
url https://github.com/advisories/GHSA-qv7j-4883-hwh7
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
1
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34830, GHSA-qv7j-4883-hwh7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8rbg-wrmj-1bcu
11
url VCID-9dqs-zbmn-b7e4
vulnerability_id VCID-9dqs-zbmn-b7e4
summary rack: Rack memory exhaustion denial of service
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61772
reference_id
reference_type
scores
0
value 0.00324
scoring_system epss
scoring_elements 0.55636
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61772
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/
url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
6
reference_url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/
url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
7
reference_url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/
url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/
url https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61772
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61772
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627
reference_id 1117627
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402200
reference_id 2402200
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2402200
13
reference_url https://github.com/advisories/GHSA-wpv5-97wm-hp9c
reference_id GHSA-wpv5-97wm-hp9c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wpv5-97wm-hp9c
14
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
15
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
16
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
17
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
18
reference_url https://access.redhat.com/errata/RHSA-2025:19733
reference_id RHSA-2025:19733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19733
19
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
20
reference_url https://access.redhat.com/errata/RHSA-2025:19736
reference_id RHSA-2025:19736
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19736
21
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
22
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
23
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
24
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
25
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:gem/rack@3.1.17
purl pkg:gem/rack@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17
1
url pkg:gem/rack@3.2.2
purl pkg:gem/rack@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
16
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2
aliases CVE-2025-61772, GHSA-wpv5-97wm-hp9c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9dqs-zbmn-b7e4
12
url VCID-dchf-rhvg-zycw
vulnerability_id VCID-dchf-rhvg-zycw
summary rack: Rack: Host header poisoning due to malformed Host header bypasses validation
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34835.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34835.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34835
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35557
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34835
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34835
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34835
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-g2pf-xv49-m2h5
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:43:54Z/
url https://github.com/rack/rack/security/advisories/GHSA-g2pf-xv49-m2h5
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34835.yml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34835.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34835
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34835
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454482
reference_id 2454482
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454482
9
reference_url https://github.com/advisories/GHSA-g2pf-xv49-m2h5
reference_id GHSA-g2pf-xv49-m2h5
reference_type
scores
url https://github.com/advisories/GHSA-g2pf-xv49-m2h5
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
1
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34835, GHSA-g2pf-xv49-m2h5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dchf-rhvg-zycw
13
url VCID-dzhg-3hy9-w3gv
vulnerability_id VCID-dzhg-3hy9-w3gv
summary rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61771
reference_id
reference_type
scores
0
value 0.00107
scoring_system epss
scoring_elements 0.2864
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61771
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/
url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
6
reference_url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/
url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
7
reference_url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/
url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/
url https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61771
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61771
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628
reference_id 1117628
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402175
reference_id 2402175
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2402175
13
reference_url https://github.com/advisories/GHSA-w9pc-fmgc-vxvw
reference_id GHSA-w9pc-fmgc-vxvw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9pc-fmgc-vxvw
14
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
15
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
16
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
17
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
18
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
19
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
20
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
21
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
22
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
23
reference_url https://access.redhat.com/errata/RHSA-2025:21696
reference_id RHSA-2025:21696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21696
24
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:gem/rack@3.1.17
purl pkg:gem/rack@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17
1
url pkg:gem/rack@3.2.2
purl pkg:gem/rack@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
16
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2
aliases CVE-2025-61771, GHSA-w9pc-fmgc-vxvw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzhg-3hy9-w3gv
14
url VCID-j3e9-y38h-xbbu
vulnerability_id VCID-j3e9-y38h-xbbu
summary rack: Rack: Security header bypass via URL-encoded static path requests
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34786.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34786.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34786
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13787
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34786
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34786
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-q4qf-9j86-f5mh
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:37:20Z/
url https://github.com/rack/rack/security/advisories/GHSA-q4qf-9j86-f5mh
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34786.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34786.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34786
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34786
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454507
reference_id 2454507
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454507
9
reference_url https://github.com/advisories/GHSA-q4qf-9j86-f5mh
reference_id GHSA-q4qf-9j86-f5mh
reference_type
scores
url https://github.com/advisories/GHSA-q4qf-9j86-f5mh
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
1
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34786, GHSA-q4qf-9j86-f5mh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3e9-y38h-xbbu
15
url VCID-juuh-9psh-yyar
vulnerability_id VCID-juuh-9psh-yyar
summary rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61770
reference_id
reference_type
scores
0
value 0.00266
scoring_system epss
scoring_elements 0.5021
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61770
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/
url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
6
reference_url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/
url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
7
reference_url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/
url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/
url https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61770
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61770
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627
reference_id 1117627
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402174
reference_id 2402174
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2402174
13
reference_url https://github.com/advisories/GHSA-p543-xpfm-54cp
reference_id GHSA-p543-xpfm-54cp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p543-xpfm-54cp
14
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
15
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
16
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
17
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
18
reference_url https://access.redhat.com/errata/RHSA-2025:19733
reference_id RHSA-2025:19733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19733
19
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
20
reference_url https://access.redhat.com/errata/RHSA-2025:19736
reference_id RHSA-2025:19736
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19736
21
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
22
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
23
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
24
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
25
reference_url https://access.redhat.com/errata/RHSA-2025:21696
reference_id RHSA-2025:21696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21696
26
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:gem/rack@3.1.17
purl pkg:gem/rack@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17
1
url pkg:gem/rack@3.2.2
purl pkg:gem/rack@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-vch5-2deq-euaq
16
vulnerability VCID-x316-jquh-63ek
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2
aliases CVE-2025-61770, GHSA-p543-xpfm-54cp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-juuh-9psh-yyar
16
url VCID-mftr-ma4j-mbhy
vulnerability_id VCID-mftr-ma4j-mbhy
summary rack: Rack: Denial of Service via malicious HTTP Range header
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34826.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34826.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34826
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06114
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34826
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34826
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34826
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-x8cg-fq8g-mxfx
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:42:34Z/
url https://github.com/rack/rack/security/advisories/GHSA-x8cg-fq8g-mxfx
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34826.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34826.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34826
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34826
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454508
reference_id 2454508
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454508
9
reference_url https://github.com/advisories/GHSA-x8cg-fq8g-mxfx
reference_id GHSA-x8cg-fq8g-mxfx
reference_type
scores
url https://github.com/advisories/GHSA-x8cg-fq8g-mxfx
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
1
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34826, GHSA-x8cg-fq8g-mxfx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mftr-ma4j-mbhy
17
url VCID-tzca-xm43-xugs
vulnerability_id VCID-tzca-xm43-xugs
summary rack: Rack: Denial of Service via crafted multipart/form-data requests
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34827.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34827.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34827
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06581
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34827
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34827
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-v6x5-cg8r-vv6x
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:42:04Z/
url https://github.com/rack/rack/security/advisories/GHSA-v6x5-cg8r-vv6x
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34827.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34827.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34827
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34827
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454501
reference_id 2454501
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454501
9
reference_url https://github.com/advisories/GHSA-v6x5-cg8r-vv6x
reference_id GHSA-v6x5-cg8r-vv6x
reference_type
scores
url https://github.com/advisories/GHSA-v6x5-cg8r-vv6x
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
1
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34827, GHSA-v6x5-cg8r-vv6x
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tzca-xm43-xugs
18
url VCID-v2nc-35z6-2kf6
vulnerability_id VCID-v2nc-35z6-2kf6
summary rack: rubygem-rack: Rack Content-Disposition Denial of Service
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49007
reference_id
reference_type
scores
0
value 0.00569
scoring_system epss
scoring_elements 0.68866
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49007
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
4
reference_url https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/
url https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f
5
reference_url https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/
url https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901
6
reference_url https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/
url https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49007
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49007
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107363
reference_id 1107363
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107363
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2370346
reference_id 2370346
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2370346
11
reference_url https://github.com/advisories/GHSA-47m2-26rw-j2jw
reference_id GHSA-47m2-26rw-j2jw
reference_type
scores
url https://github.com/advisories/GHSA-47m2-26rw-j2jw
fixed_packages
0
url pkg:gem/rack@3.1.16
purl pkg:gem/rack@3.1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-dzhg-3hy9-w3gv
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-juuh-9psh-yyar
16
vulnerability VCID-mftr-ma4j-mbhy
17
vulnerability VCID-tzca-xm43-xugs
18
vulnerability VCID-v2nc-35z6-2kf6
19
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.16
aliases CVE-2025-49007, GHSA-47m2-26rw-j2jw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v2nc-35z6-2kf6
19
url VCID-vch5-2deq-euaq
vulnerability_id VCID-vch5-2deq-euaq
summary rack: Rack: Information disclosure via regular expression metacharacters in root path
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34763.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34763.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34763
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12991
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34763
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34763
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:41:04Z/
url https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34763.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34763.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34763
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34763
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454498
reference_id 2454498
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454498
9
reference_url https://github.com/advisories/GHSA-7mqq-6cf9-v2qp
reference_id GHSA-7mqq-6cf9-v2qp
reference_type
scores
url https://github.com/advisories/GHSA-7mqq-6cf9-v2qp
10
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
fixed_packages
0
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
1
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
aliases CVE-2026-34763, GHSA-7mqq-6cf9-v2qp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vch5-2deq-euaq
Fixing_vulnerabilities
0
url VCID-nqds-u1fk-y7ch
vulnerability_id VCID-nqds-u1fk-y7ch
summary rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46727
reference_id
reference_type
scores
0
value 0.00808
scoring_system epss
scoring_elements 0.74504
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46727
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712
6
reference_url https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3
7
reference_url https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46727
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46727
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927
reference_id 1104927
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2364966
reference_id 2364966
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2364966
13
reference_url https://github.com/advisories/GHSA-gjh7-p2fx-99vx
reference_id GHSA-gjh7-p2fx-99vx
reference_type
scores
url https://github.com/advisories/GHSA-gjh7-p2fx-99vx
14
reference_url https://access.redhat.com/errata/RHSA-2025:7604
reference_id RHSA-2025:7604
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7604
15
reference_url https://access.redhat.com/errata/RHSA-2025:7605
reference_id RHSA-2025:7605
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7605
16
reference_url https://access.redhat.com/errata/RHSA-2025:8254
reference_id RHSA-2025:8254
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8254
17
reference_url https://access.redhat.com/errata/RHSA-2025:8256
reference_id RHSA-2025:8256
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8256
18
reference_url https://access.redhat.com/errata/RHSA-2025:8279
reference_id RHSA-2025:8279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8279
19
reference_url https://access.redhat.com/errata/RHSA-2025:8288
reference_id RHSA-2025:8288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8288
20
reference_url https://access.redhat.com/errata/RHSA-2025:8289
reference_id RHSA-2025:8289
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8289
21
reference_url https://access.redhat.com/errata/RHSA-2025:8290
reference_id RHSA-2025:8290
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8290
22
reference_url https://access.redhat.com/errata/RHSA-2025:8291
reference_id RHSA-2025:8291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8291
23
reference_url https://access.redhat.com/errata/RHSA-2025:8319
reference_id RHSA-2025:8319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8319
24
reference_url https://access.redhat.com/errata/RHSA-2025:8322
reference_id RHSA-2025:8322
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8322
25
reference_url https://access.redhat.com/errata/RHSA-2025:8323
reference_id RHSA-2025:8323
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8323
26
reference_url https://access.redhat.com/errata/RHSA-2025:9838
reference_id RHSA-2025:9838
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9838
27
reference_url https://usn.ubuntu.com/7507-1/
reference_id USN-7507-1
reference_type
scores
url https://usn.ubuntu.com/7507-1/
fixed_packages
0
url pkg:gem/rack@2.2.14
purl pkg:gem/rack@2.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-4umy-say3-ruad
4
vulnerability VCID-5pry-5agj-tygz
5
vulnerability VCID-6hht-91zy-fqdf
6
vulnerability VCID-6t6w-vvzt-fqd9
7
vulnerability VCID-7pey-8xge-1fbz
8
vulnerability VCID-8kwp-wuv8-gqf8
9
vulnerability VCID-8rbg-wrmj-1bcu
10
vulnerability VCID-9dqs-zbmn-b7e4
11
vulnerability VCID-dzhg-3hy9-w3gv
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-juuh-9psh-yyar
14
vulnerability VCID-mftr-ma4j-mbhy
15
vulnerability VCID-tjh9-vfdw-7yen
16
vulnerability VCID-v2nc-35z6-2kf6
17
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.14
1
url pkg:gem/rack@3.0.16
purl pkg:gem/rack@3.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-dchf-rhvg-zycw
12
vulnerability VCID-j3e9-y38h-xbbu
13
vulnerability VCID-mftr-ma4j-mbhy
14
vulnerability VCID-tzca-xm43-xugs
15
vulnerability VCID-v2nc-35z6-2kf6
16
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.16
2
url pkg:gem/rack@3.1.14
purl pkg:gem/rack@3.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pt2-23bn-7qev
1
vulnerability VCID-21pz-m7dy-8bey
2
vulnerability VCID-2zdv-mr4w-zkfg
3
vulnerability VCID-3bh7-vrvj-p3g1
4
vulnerability VCID-4umy-say3-ruad
5
vulnerability VCID-5pry-5agj-tygz
6
vulnerability VCID-6hht-91zy-fqdf
7
vulnerability VCID-6t6w-vvzt-fqd9
8
vulnerability VCID-7pey-8xge-1fbz
9
vulnerability VCID-8kwp-wuv8-gqf8
10
vulnerability VCID-8rbg-wrmj-1bcu
11
vulnerability VCID-9dqs-zbmn-b7e4
12
vulnerability VCID-dchf-rhvg-zycw
13
vulnerability VCID-dzhg-3hy9-w3gv
14
vulnerability VCID-j3e9-y38h-xbbu
15
vulnerability VCID-juuh-9psh-yyar
16
vulnerability VCID-mftr-ma4j-mbhy
17
vulnerability VCID-tzca-xm43-xugs
18
vulnerability VCID-v2nc-35z6-2kf6
19
vulnerability VCID-vch5-2deq-euaq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.14
aliases CVE-2025-46727, GHSA-gjh7-p2fx-99vx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nqds-u1fk-y7ch
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.14