Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/699201?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/699201?format=api", "purl": "pkg:gem/rack@3.0.9", "type": "gem", "namespace": "", "name": "rack", "version": "3.0.9", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27494?format=api", "vulnerability_id": "VCID-22eh-9wun-h7b5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26962.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26962.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06637", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06655", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06645", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06667", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26962" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26962", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26962" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-26962.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-26962.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26962", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26962" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454511", "reference_id": "2454511", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454511" }, { "reference_url": "https://github.com/advisories/GHSA-rx22-g9mx-qrhv", "reference_id": "GHSA-rx22-g9mx-qrhv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rx22-g9mx-qrhv" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-rx22-g9mx-qrhv", "reference_id": "GHSA-rx22-g9mx-qrhv", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:31:17Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-rx22-g9mx-qrhv" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373392?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-26962", "GHSA-rx22-g9mx-qrhv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-22eh-9wun-h7b5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25780?format=api", "vulnerability_id": "VCID-34sm-19kr-1uby", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00324", "scoring_system": "epss", "scoring_elements": "0.55803", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58305", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.583", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58316", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627", "reference_id": "1117627", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402200", "reference_id": "2402200", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402200" }, { "reference_url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e", "reference_id": "589127f4ac8b5cf11cf88fb0cd116ffed4d2181e", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/" } ], "url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772", "reference_id": "CVE-2025-61772", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml", "reference_id": "CVE-2025-61772.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml" }, { "reference_url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e", "reference_id": "d869fed663b113b95a74ad53e1b5cae6ab31f29e", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/" } ], "url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e" }, { "reference_url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd", "reference_id": "e08f78c656c9394d6737c022bde087e0f33336fd", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/" } ], "url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd" }, { "reference_url": "https://github.com/advisories/GHSA-wpv5-97wm-hp9c", "reference_id": "GHSA-wpv5-97wm-hp9c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wpv5-97wm-hp9c" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c", "reference_id": "GHSA-wpv5-97wm-hp9c", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19512", "reference_id": "RHSA-2025:19512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19513", "reference_id": "RHSA-2025:19513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19647", "reference_id": "RHSA-2025:19647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19719", "reference_id": "RHSA-2025:19719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19719" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19733", "reference_id": "RHSA-2025:19733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19734", "reference_id": "RHSA-2025:19734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19736", "reference_id": "RHSA-2025:19736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19800", "reference_id": "RHSA-2025:19800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19948", "reference_id": "RHSA-2025:19948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20962", "reference_id": "RHSA-2025:20962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21036", "reference_id": "RHSA-2025:21036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21036" }, { "reference_url": "https://usn.ubuntu.com/7960-1/", "reference_id": "USN-7960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34109?format=api", "purl": "pkg:gem/rack@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/34112?format=api", "purl": "pkg:gem/rack@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2" } ], "aliases": [ "CVE-2025-61772", "GHSA-wpv5-97wm-hp9c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-34sm-19kr-1uby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28381?format=api", "vulnerability_id": "VCID-3srh-99bk-ruft", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34826.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34826.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34826", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06242", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06261", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0625", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06272", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34826" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34826.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34826.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34826", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34826" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454508", "reference_id": "2454508", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454508" }, { "reference_url": "https://github.com/advisories/GHSA-x8cg-fq8g-mxfx", "reference_id": "GHSA-x8cg-fq8g-mxfx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x8cg-fq8g-mxfx" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-x8cg-fq8g-mxfx", "reference_id": "GHSA-x8cg-fq8g-mxfx", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:42:34Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-x8cg-fq8g-mxfx" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373391?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/373392?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34826", "GHSA-x8cg-fq8g-mxfx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3srh-99bk-ruft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27406?format=api", "vulnerability_id": "VCID-5a6b-yemd-mqgb", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25500.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25500.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07443", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0746", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07469", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07476", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25500" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25500", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25500" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128480", "reference_id": "1128480", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128480" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440738", "reference_id": "2440738", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440738" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25500", "reference_id": "CVE-2026-25500", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25500" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml", "reference_id": "CVE-2026-25500.YML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml" }, { "reference_url": "https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff", "reference_id": "f2f225f297b99fbee3d9f51255d41f601fc40aff", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:42:04Z/" } ], "url": "https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff" }, { "reference_url": "https://github.com/advisories/GHSA-whrj-4476-wvmp", "reference_id": "GHSA-whrj-4476-wvmp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-whrj-4476-wvmp" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp", "reference_id": "GHSA-whrj-4476-wvmp", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:42:04Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp" }, { "reference_url": "https://usn.ubuntu.com/8066-1/", "reference_id": "USN-8066-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8066-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39190?format=api", "purl": "pkg:gem/rack@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/39192?format=api", "purl": "pkg:gem/rack@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.5" } ], "aliases": [ "CVE-2026-25500", "GHSA-whrj-4476-wvmp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5a6b-yemd-mqgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18379?format=api", "vulnerability_id": "VCID-7m5s-fgj3-v3c5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26146.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26146.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26146", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00775", "scoring_system": "epss", "scoring_elements": "0.7405", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00775", "scoring_system": "epss", "scoring_elements": "0.74134", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00775", "scoring_system": "epss", "scoring_elements": "0.74137", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00775", "scoring_system": "epss", "scoring_elements": "0.74122", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516", "reference_id": "1064516", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265595", "reference_id": "2265595", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265595" }, { "reference_url": "https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716", "reference_id": "30b8e39a578b25d4bdcc082c1c52c6f164b59716", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/" } ], "url": "https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716" }, { "reference_url": "https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582", "reference_id": "6c5d90bdcec0949f7ba06db62fb740dab394b582", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/" } ], "url": "https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582" }, { "reference_url": "https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942", "reference_id": "84942", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/" } ], "url": "https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942" }, { "reference_url": "https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f", "reference_id": "a227cd793778c7c3a827d32808058571569cda6f", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/" } ], "url": "https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26146", "reference_id": "CVE-2024-26146", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26146" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml", "reference_id": "CVE-2024-26146.yml", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml" }, { "reference_url": "https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd", "reference_id": "e4c117749ba24a66f8ec5a08eddf68deeb425ccd", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/" } ], "url": "https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd" }, { "reference_url": "https://github.com/advisories/GHSA-54rr-7fvw-6x8f", "reference_id": "GHSA-54rr-7fvw-6x8f", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-54rr-7fvw-6x8f" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f", "reference_id": "GHSA-54rr-7fvw-6x8f", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html", "reference_id": "msg00022.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0006/", "reference_id": "ntap-20240510-0006", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10806", "reference_id": "RHSA-2024:10806", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10806" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1841", "reference_id": "RHSA-2024:1841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1846", "reference_id": "RHSA-2024:1846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2007", "reference_id": "RHSA-2024:2007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2113", "reference_id": "RHSA-2024:2113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2581", "reference_id": "RHSA-2024:2581", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2581" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2584", "reference_id": "RHSA-2024:2584", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2953", "reference_id": "RHSA-2024:2953", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2953" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3431", "reference_id": "RHSA-2024:3431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3431" }, { "reference_url": "https://usn.ubuntu.com/6689-1/", "reference_id": "USN-6689-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6689-1/" }, { "reference_url": "https://usn.ubuntu.com/6837-1/", "reference_id": "USN-6837-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6837-1/" }, { "reference_url": "https://usn.ubuntu.com/6837-2/", "reference_id": "USN-6837-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6837-2/" }, { "reference_url": "https://usn.ubuntu.com/7036-1/", "reference_id": "USN-7036-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7036-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29429?format=api", "purl": "pkg:gem/rack@3.0.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-34sm-19kr-1uby" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-7t6e-rm2b-s7a1" }, { "vulnerability": "VCID-9h1q-9jzw-1bdk" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-e9ps-payd-abeu" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-fcfm-c4dz-v3es" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mkxe-9gpy-ebdp" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-w8dy-4cvu-ckcm" }, { "vulnerability": "VCID-ym3c-dbhb-e3fs" }, { "vulnerability": "VCID-yybg-erer-jfaw" }, { "vulnerability": "VCID-zv9m-9yhe-5uab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1" } ], "aliases": [ "CVE-2024-26146", "GHSA-54rr-7fvw-6x8f" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7m5s-fgj3-v3c5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25462?format=api", "vulnerability_id": "VCID-7t6e-rm2b-s7a1", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49007", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00569", "scoring_system": "epss", "scoring_elements": "0.69034", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00569", "scoring_system": "epss", "scoring_elements": "0.69133", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00569", "scoring_system": "epss", "scoring_elements": "0.69138", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00569", "scoring_system": "epss", "scoring_elements": "0.69127", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49007" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49007", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49007" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107363", "reference_id": "1107363", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107363" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370346", "reference_id": "2370346", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370346" }, { "reference_url": "https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f", "reference_id": "4795831a0a310c2d31102749e551b38faab6401f", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/" } ], "url": "https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f" }, { "reference_url": "https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901", "reference_id": "aed514df37e33907df3c971ed3ca9a0a20ac2901", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/" } ], "url": "https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901" }, { "reference_url": "https://github.com/advisories/GHSA-47m2-26rw-j2jw", "reference_id": "GHSA-47m2-26rw-j2jw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-47m2-26rw-j2jw" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw", "reference_id": "GHSA-47m2-26rw-j2jw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378719?format=api", "purl": "pkg:gem/rack@3.1.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-34sm-19kr-1uby" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-7t6e-rm2b-s7a1" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-fcfm-c4dz-v3es" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" }, { "vulnerability": "VCID-zv9m-9yhe-5uab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.16" } ], "aliases": [ "CVE-2025-49007", "GHSA-47m2-26rw-j2jw" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7t6e-rm2b-s7a1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19756?format=api", "vulnerability_id": "VCID-9h1q-9jzw-1bdk", "summary": "", "references": [ { "reference_url": "https://advisory.dw1.io/61", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://advisory.dw1.io/61" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00833", "scoring_system": "epss", "scoring_elements": "0.7504", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00833", "scoring_system": "epss", "scoring_elements": "0.75121", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00833", "scoring_system": "epss", "scoring_elements": "0.75124", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00833", "scoring_system": "epss", "scoring_elements": "0.75111", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/412c980450ca729ee37f90a2661f166a9665e058", "reference_id": "412c980450ca729ee37f90a2661f166a9665e058", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:50:23Z/" } ], "url": "https://github.com/rack/rack/commit/412c980450ca729ee37f90a2661f166a9665e058" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39316", "reference_id": "CVE-2024-39316", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39316" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-39316.yml", "reference_id": "CVE-2024-39316.YML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-39316.yml" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f", "reference_id": "GHSA-54rr-7fvw-6x8f", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:50:23Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f" }, { "reference_url": "https://github.com/advisories/GHSA-cj83-2ww7-mvq7", "reference_id": "GHSA-cj83-2ww7-mvq7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cj83-2ww7-mvq7" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7", "reference_id": "GHSA-cj83-2ww7-mvq7", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:50:23Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32406?format=api", "purl": "pkg:gem/rack@3.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-34sm-19kr-1uby" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-7t6e-rm2b-s7a1" }, { "vulnerability": "VCID-9h1q-9jzw-1bdk" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-e9ps-payd-abeu" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-fcfm-c4dz-v3es" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mkxe-9gpy-ebdp" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-w8dy-4cvu-ckcm" }, { "vulnerability": "VCID-ym3c-dbhb-e3fs" }, { "vulnerability": "VCID-yybg-erer-jfaw" }, { "vulnerability": "VCID-zv9m-9yhe-5uab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.5" } ], "aliases": [ "CVE-2024-39316", "GHSA-cj83-2ww7-mvq7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9h1q-9jzw-1bdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28177?format=api", "vulnerability_id": "VCID-abcn-y96c-dfe3", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32762.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32762.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32762", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.16248", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1628", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.16128", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1627", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32762" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32762" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-32762.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-32762.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32762", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32762" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454489", "reference_id": "2454489", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454489" }, { "reference_url": "https://github.com/advisories/GHSA-qfgr-crr9-7r49", "reference_id": "GHSA-qfgr-crr9-7r49", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qfgr-crr9-7r49" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-qfgr-crr9-7r49", "reference_id": "GHSA-qfgr-crr9-7r49", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:42:32Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-qfgr-crr9-7r49" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373391?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/373392?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-32762", "GHSA-qfgr-crr9-7r49" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-abcn-y96c-dfe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23404?format=api", "vulnerability_id": "VCID-e9ps-payd-abeu", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27610.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27610.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27610", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01354", "scoring_system": "epss", "scoring_elements": "0.80529", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01354", "scoring_system": "epss", "scoring_elements": "0.80593", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01354", "scoring_system": "epss", "scoring_elements": "0.80601", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01354", "scoring_system": "epss", "scoring_elements": "0.8059", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27610" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27610", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27610" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27610.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27610.yml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27610", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27610" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100444", "reference_id": "1100444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100444" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351231", "reference_id": "2351231", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351231" }, { "reference_url": "https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583", "reference_id": "50caab74fa01ee8f5dbdee7bb2782126d20c6583", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:22:45Z/" } ], "url": "https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583" }, { "reference_url": "https://github.com/advisories/GHSA-7wqh-767x-r66v", "reference_id": "GHSA-7wqh-767x-r66v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7wqh-767x-r66v" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v", "reference_id": "GHSA-7wqh-767x-r66v", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:22:45Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3448", "reference_id": "RHSA-2025:3448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3490", "reference_id": "RHSA-2025:3490", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3490" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3491", "reference_id": "RHSA-2025:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3492", "reference_id": "RHSA-2025:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3906", "reference_id": "RHSA-2025:3906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4576", "reference_id": "RHSA-2025:4576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4576" }, { "reference_url": "https://usn.ubuntu.com/7366-1/", "reference_id": "USN-7366-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7366-1/" }, { "reference_url": "https://usn.ubuntu.com/7366-2/", "reference_id": "USN-7366-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7366-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377903?format=api", "purl": "pkg:gem/rack@3.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-34sm-19kr-1uby" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-7t6e-rm2b-s7a1" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-fcfm-c4dz-v3es" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-ym3c-dbhb-e3fs" }, { "vulnerability": "VCID-yybg-erer-jfaw" }, { "vulnerability": "VCID-zv9m-9yhe-5uab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/377904?format=api", "purl": "pkg:gem/rack@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-34sm-19kr-1uby" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-7t6e-rm2b-s7a1" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-fcfm-c4dz-v3es" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-ym3c-dbhb-e3fs" }, { "vulnerability": "VCID-yybg-erer-jfaw" }, { "vulnerability": "VCID-zv9m-9yhe-5uab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.12" } ], "aliases": [ "CVE-2025-27610", "GHSA-7wqh-767x-r66v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e9ps-payd-abeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28383?format=api", "vulnerability_id": "VCID-eduz-d41z-ekfw", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21285", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21306", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21111", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21292", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34829" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34829.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34829.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34829", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34829" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454488", "reference_id": "2454488", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454488" }, { "reference_url": "https://github.com/advisories/GHSA-8vqr-qjwx-82mw", "reference_id": "GHSA-8vqr-qjwx-82mw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8vqr-qjwx-82mw" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw", "reference_id": "GHSA-8vqr-qjwx-82mw", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:41:27Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373391?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/373392?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34829", "GHSA-8vqr-qjwx-82mw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eduz-d41z-ekfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25779?format=api", "vulnerability_id": "VCID-fcfm-c4dz-v3es", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28523", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30432", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30426", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30444", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628", "reference_id": "1117628", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402175", "reference_id": "2402175", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402175" }, { "reference_url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e", "reference_id": "589127f4ac8b5cf11cf88fb0cd116ffed4d2181e", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/" } ], "url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771", "reference_id": "CVE-2025-61771", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml", "reference_id": "CVE-2025-61771.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml" }, { "reference_url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e", "reference_id": "d869fed663b113b95a74ad53e1b5cae6ab31f29e", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/" } ], "url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e" }, { "reference_url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd", "reference_id": "e08f78c656c9394d6737c022bde087e0f33336fd", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/" } ], "url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd" }, { "reference_url": "https://github.com/advisories/GHSA-w9pc-fmgc-vxvw", "reference_id": "GHSA-w9pc-fmgc-vxvw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w9pc-fmgc-vxvw" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw", "reference_id": "GHSA-w9pc-fmgc-vxvw", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19512", "reference_id": "RHSA-2025:19512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19513", "reference_id": "RHSA-2025:19513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19647", "reference_id": "RHSA-2025:19647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19719", "reference_id": "RHSA-2025:19719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19719" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19734", "reference_id": "RHSA-2025:19734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19800", "reference_id": "RHSA-2025:19800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19948", "reference_id": "RHSA-2025:19948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20962", "reference_id": "RHSA-2025:20962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21036", "reference_id": "RHSA-2025:21036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21696", "reference_id": "RHSA-2025:21696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21696" }, { "reference_url": "https://usn.ubuntu.com/7960-1/", "reference_id": "USN-7960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34109?format=api", "purl": "pkg:gem/rack@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/34112?format=api", "purl": "pkg:gem/rack@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2" } ], "aliases": [ "CVE-2025-61771", "GHSA-w9pc-fmgc-vxvw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fcfm-c4dz-v3es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28379?format=api", "vulnerability_id": "VCID-gjjy-a7wb-qqaa", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34786.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34786.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34786", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14557", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14581", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14466", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14584", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34786" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34786.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34786.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34786", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34786" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454507", "reference_id": "2454507", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454507" }, { "reference_url": "https://github.com/advisories/GHSA-q4qf-9j86-f5mh", "reference_id": "GHSA-q4qf-9j86-f5mh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q4qf-9j86-f5mh" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-q4qf-9j86-f5mh", "reference_id": "GHSA-q4qf-9j86-f5mh", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:37:20Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-q4qf-9j86-f5mh" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373391?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/373392?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34786", "GHSA-q4qf-9j86-f5mh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gjjy-a7wb-qqaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28386?format=api", "vulnerability_id": "VCID-gsss-za6y-c7hk", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34835.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34835.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32281", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32303", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32101", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32285", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34835" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34835.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34835.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34835", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34835" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454482", "reference_id": "2454482", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454482" }, { "reference_url": "https://github.com/advisories/GHSA-g2pf-xv49-m2h5", "reference_id": "GHSA-g2pf-xv49-m2h5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g2pf-xv49-m2h5" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-g2pf-xv49-m2h5", "reference_id": "GHSA-g2pf-xv49-m2h5", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:43:54Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-g2pf-xv49-m2h5" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373391?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/373392?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34835", "GHSA-g2pf-xv49-m2h5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsss-za6y-c7hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/26805?format=api", "vulnerability_id": "VCID-guej-7tq7-fbb7", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22860.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22860.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22860", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31062", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31253", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31271", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31257", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22860" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22860", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22860" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128479", "reference_id": "1128479", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128479" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440737", "reference_id": "2440737", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440737" }, { "reference_url": "https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7", "reference_id": "75c5745c286637a8f049a33790c71237762069e7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:27:31Z/" } ], "url": "https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22860", "reference_id": "CVE-2026-22860", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22860" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml", "reference_id": "CVE-2026-22860.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml" }, { "reference_url": "https://github.com/advisories/GHSA-mxw3-3hh2-x2mh", "reference_id": "GHSA-mxw3-3hh2-x2mh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mxw3-3hh2-x2mh" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh", "reference_id": "GHSA-mxw3-3hh2-x2mh", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:27:31Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh" }, { "reference_url": "https://usn.ubuntu.com/8066-1/", "reference_id": "USN-8066-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8066-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39190?format=api", "purl": "pkg:gem/rack@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/39192?format=api", "purl": "pkg:gem/rack@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.5" } ], "aliases": [ "CVE-2026-22860", "GHSA-mxw3-3hh2-x2mh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-guej-7tq7-fbb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23336?format=api", "vulnerability_id": "VCID-mkxe-9gpy-ebdp", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25184.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25184.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25184", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01406", "scoring_system": "epss", "scoring_elements": "0.80882", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01406", "scoring_system": "epss", "scoring_elements": "0.80944", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01406", "scoring_system": "epss", "scoring_elements": "0.80952", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01406", "scoring_system": "epss", "scoring_elements": "0.80942", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25184" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25184", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25184" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-25184.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-25184.yml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25184", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25184" }, { "reference_url": "https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e", "reference_id": "074ae244430cda05c27ca91cda699709cfb3ad8e", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:09:07Z/" } ], "url": "https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098257", "reference_id": "1098257", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098257" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345301", "reference_id": "2345301", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345301" }, { "reference_url": "https://github.com/advisories/GHSA-7g2v-jj9q-g3rg", "reference_id": "GHSA-7g2v-jj9q-g3rg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7g2v-jj9q-g3rg" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg", "reference_id": "GHSA-7g2v-jj9q-g3rg", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:09:07Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1985", "reference_id": "RHSA-2025:1985", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1985" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7085", "reference_id": "RHSA-2025:7085", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7085" }, { "reference_url": "https://usn.ubuntu.com/7366-1/", "reference_id": "USN-7366-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7366-1/" }, { "reference_url": "https://usn.ubuntu.com/7366-2/", "reference_id": "USN-7366-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7366-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377241?format=api", "purl": "pkg:gem/rack@3.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-34sm-19kr-1uby" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-7t6e-rm2b-s7a1" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-e9ps-payd-abeu" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-fcfm-c4dz-v3es" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-w8dy-4cvu-ckcm" }, { "vulnerability": "VCID-ym3c-dbhb-e3fs" }, { "vulnerability": "VCID-yybg-erer-jfaw" }, { "vulnerability": "VCID-zv9m-9yhe-5uab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/377242?format=api", "purl": "pkg:gem/rack@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-34sm-19kr-1uby" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-7t6e-rm2b-s7a1" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-e9ps-payd-abeu" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-fcfm-c4dz-v3es" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-w8dy-4cvu-ckcm" }, { "vulnerability": "VCID-ym3c-dbhb-e3fs" }, { "vulnerability": "VCID-yybg-erer-jfaw" }, { "vulnerability": "VCID-zv9m-9yhe-5uab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.10" } ], "aliases": [ "CVE-2025-25184", "GHSA-7g2v-jj9q-g3rg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mkxe-9gpy-ebdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28378?format=api", "vulnerability_id": "VCID-mqhf-duvt-7yfk", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15664", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15696", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15546", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15684", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34785" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34785.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34785.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34785", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34785" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454486", "reference_id": "2454486", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454486" }, { "reference_url": "https://github.com/advisories/GHSA-h2jq-g4cq-5ppq", "reference_id": "GHSA-h2jq-g4cq-5ppq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h2jq-g4cq-5ppq" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq", "reference_id": "GHSA-h2jq-g4cq-5ppq", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:58:57Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373391?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/373392?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34785", "GHSA-h2jq-g4cq-5ppq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mqhf-duvt-7yfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28384?format=api", "vulnerability_id": "VCID-nd2m-v3wz-xfhw", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15664", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15696", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15546", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15684", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34830" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34830.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34830.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34830", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34830" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454510", "reference_id": "2454510", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454510" }, { "reference_url": "https://github.com/advisories/GHSA-qv7j-4883-hwh7", "reference_id": "GHSA-qv7j-4883-hwh7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qv7j-4883-hwh7" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7", "reference_id": "GHSA-qv7j-4883-hwh7", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:59:36Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373391?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/373392?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34830", "GHSA-qv7j-4883-hwh7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nd2m-v3wz-xfhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28377?format=api", "vulnerability_id": "VCID-nesq-w996-akh4", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34763.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34763.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13791", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1382", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13705", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13822", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34763" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34763.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34763.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34763", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34763" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454498", "reference_id": "2454498", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454498" }, { "reference_url": "https://github.com/advisories/GHSA-7mqq-6cf9-v2qp", "reference_id": "GHSA-7mqq-6cf9-v2qp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7mqq-6cf9-v2qp" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp", "reference_id": "GHSA-7mqq-6cf9-v2qp", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:41:04Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373391?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/373392?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34763", "GHSA-7mqq-6cf9-v2qp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nesq-w996-akh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25781?format=api", "vulnerability_id": "VCID-q6h3-j4b9-4kfg", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01474", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01457", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0146", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01466", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61780" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61780", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61780" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855", "reference_id": "1117855", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403126", "reference_id": "2403126", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403126" }, { "reference_url": "https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784", "reference_id": "57277b7741581fa827472c5c666f6e6a33abd784", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/" } ], "url": "https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784" }, { "reference_url": "https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a", "reference_id": "7e69f65eefe9cd2868df9f9f3b0977b86f93523a", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/" } ], "url": "https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61780", "reference_id": "CVE-2025-61780", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61780" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml", "reference_id": "CVE-2025-61780.YML", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml" }, { "reference_url": "https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85", "reference_id": "fba2c8bc63eb787ff4b19bc612d315fda6126d85", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/" } ], "url": "https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85" }, { "reference_url": "https://github.com/advisories/GHSA-r657-rxjc-j557", "reference_id": "GHSA-r657-rxjc-j557", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r657-rxjc-j557" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557", "reference_id": "GHSA-r657-rxjc-j557", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557" }, { "reference_url": "https://usn.ubuntu.com/7960-1/", "reference_id": "USN-7960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34182?format=api", "purl": "pkg:gem/rack@3.1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/34180?format=api", "purl": "pkg:gem/rack@3.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.3" } ], "aliases": [ "CVE-2025-61780", "GHSA-r657-rxjc-j557" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q6h3-j4b9-4kfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28382?format=api", "vulnerability_id": "VCID-rb6e-p5hw-kfa6", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34827.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34827.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34827", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0671", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06726", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06717", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06738", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34827" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34827.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34827.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34827", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34827" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454501", "reference_id": "2454501", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454501" }, { "reference_url": "https://github.com/advisories/GHSA-v6x5-cg8r-vv6x", "reference_id": "GHSA-v6x5-cg8r-vv6x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v6x5-cg8r-vv6x" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-v6x5-cg8r-vv6x", "reference_id": "GHSA-v6x5-cg8r-vv6x", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:42:04Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-v6x5-cg8r-vv6x" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373391?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/373392?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34827", "GHSA-v6x5-cg8r-vv6x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rb6e-p5hw-kfa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25789?format=api", "vulnerability_id": "VCID-s6ny-5vqq-uqg7", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.52023", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51897", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.52027", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.5204", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856", "reference_id": "1117856", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180", "reference_id": "2403180", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180" }, { "reference_url": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881", "reference_id": "4e2c903991a790ee211a3021808ff4fd6fe82881", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/" } ], "url": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881" }, { "reference_url": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db", "reference_id": "cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/" } ], "url": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919", "reference_id": "CVE-2025-61919", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml", "reference_id": "CVE-2025-61919.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml" }, { "reference_url": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f", "reference_id": "e179614c4a653283286f5f046428cbb85f21146f", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/" } ], "url": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f" }, { "reference_url": "https://github.com/advisories/GHSA-6xw4-3v39-52mm", "reference_id": "GHSA-6xw4-3v39-52mm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6xw4-3v39-52mm" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm", "reference_id": "GHSA-6xw4-3v39-52mm", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19512", "reference_id": "RHSA-2025:19512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19513", "reference_id": "RHSA-2025:19513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19647", "reference_id": "RHSA-2025:19647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19719", "reference_id": "RHSA-2025:19719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19719" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19733", "reference_id": "RHSA-2025:19733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19734", "reference_id": "RHSA-2025:19734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19736", "reference_id": "RHSA-2025:19736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19800", "reference_id": "RHSA-2025:19800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19832", "reference_id": "RHSA-2025:19832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19832" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19855", "reference_id": "RHSA-2025:19855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19856", "reference_id": "RHSA-2025:19856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19948", "reference_id": "RHSA-2025:19948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20962", "reference_id": "RHSA-2025:20962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21036", "reference_id": "RHSA-2025:21036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21696", "reference_id": "RHSA-2025:21696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21696" }, { "reference_url": "https://usn.ubuntu.com/7960-1/", "reference_id": "USN-7960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34182?format=api", "purl": "pkg:gem/rack@3.1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/34180?format=api", "purl": "pkg:gem/rack@3.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.3" } ], "aliases": [ "CVE-2025-61919", "GHSA-6xw4-3v39-52mm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s6ny-5vqq-uqg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28322?format=api", "vulnerability_id": "VCID-t2vh-fkgc-tba9", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34230.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34230.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06736", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06752", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06744", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06763", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34230" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34230", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34230" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34230.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34230.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34230", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34230" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454493", "reference_id": "2454493", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454493" }, { "reference_url": "https://github.com/advisories/GHSA-v569-hp3g-36wr", "reference_id": "GHSA-v569-hp3g-36wr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v569-hp3g-36wr" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr", "reference_id": "GHSA-v569-hp3g-36wr", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:56:03Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373391?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/373392?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34230", "GHSA-v569-hp3g-36wr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2vh-fkgc-tba9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27493?format=api", "vulnerability_id": "VCID-vxsm-fcuq-y7e8", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26961.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26961.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03084", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03071", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03076", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03088", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26961" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26961", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26961" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-26961.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-26961.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26961", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26961" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454483", "reference_id": "2454483", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454483" }, { "reference_url": "https://github.com/advisories/GHSA-vgpv-f759-9wx3", "reference_id": "GHSA-vgpv-f759-9wx3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vgpv-f759-9wx3" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-vgpv-f759-9wx3", "reference_id": "GHSA-vgpv-f759-9wx3", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:57:50Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-vgpv-f759-9wx3" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373391?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/373392?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-26961", "GHSA-vgpv-f759-9wx3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vxsm-fcuq-y7e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23373?format=api", "vulnerability_id": "VCID-w8dy-4cvu-ckcm", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27111.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27111.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.71751", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.71847", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.7185", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.71837", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27111" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27111", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27111" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27111", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27111" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099546", "reference_id": "1099546", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099546" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349810", "reference_id": "2349810", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349810" }, { "reference_url": "https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53", "reference_id": "803aa221e8302719715e224f4476e438f2531a53", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/" } ], "url": "https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53" }, { "reference_url": "https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b", "reference_id": "aeac570bb8080ca7b53b7f2e2f67498be7ebd30b", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/" } ], "url": "https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b" }, { "reference_url": "https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3", "reference_id": "b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/" } ], "url": "https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3" }, { "reference_url": "https://github.com/advisories/GHSA-8cgq-6mh2-7j6v", "reference_id": "GHSA-8cgq-6mh2-7j6v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8cgq-6mh2-7j6v" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v", "reference_id": "GHSA-8cgq-6mh2-7j6v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v" }, { "reference_url": "https://usn.ubuntu.com/7366-1/", "reference_id": "USN-7366-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7366-1/" }, { "reference_url": "https://usn.ubuntu.com/7366-2/", "reference_id": "USN-7366-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7366-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377934?format=api", "purl": "pkg:gem/rack@3.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-34sm-19kr-1uby" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-7t6e-rm2b-s7a1" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-e9ps-payd-abeu" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-fcfm-c4dz-v3es" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-ym3c-dbhb-e3fs" }, { "vulnerability": "VCID-yybg-erer-jfaw" }, { "vulnerability": "VCID-zv9m-9yhe-5uab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/377935?format=api", "purl": "pkg:gem/rack@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-34sm-19kr-1uby" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-7t6e-rm2b-s7a1" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-e9ps-payd-abeu" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-fcfm-c4dz-v3es" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-ym3c-dbhb-e3fs" }, { "vulnerability": "VCID-yybg-erer-jfaw" }, { "vulnerability": "VCID-zv9m-9yhe-5uab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.11" } ], "aliases": [ "CVE-2025-27111", "GHSA-8cgq-6mh2-7j6v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8dy-4cvu-ckcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18337?format=api", "vulnerability_id": "VCID-wvjz-yynu-qbbf", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25126.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25126.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64204", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.6409", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64193", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.64207", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0005" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516", "reference_id": "1064516", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265593", "reference_id": "2265593", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265593" }, { "reference_url": "https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462", "reference_id": "6efb2ceea003c4b195815a614e00438cbd543462", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/" } ], "url": "https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462" }, { "reference_url": "https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941", "reference_id": "84941", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/" } ], "url": "https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25126", "reference_id": "CVE-2024-25126", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25126" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml", "reference_id": "CVE-2024-25126.yml", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml" }, { "reference_url": "https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49", "reference_id": "d9c163a443b8cadf4711d84bd2c58cb9ef89cf49", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/" } ], "url": "https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49" }, { "reference_url": "https://github.com/advisories/GHSA-22f2-v57c-j9cx", "reference_id": "GHSA-22f2-v57c-j9cx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-22f2-v57c-j9cx" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx", "reference_id": "GHSA-22f2-v57c-j9cx", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html", "reference_id": "msg00022.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0005/", "reference_id": "ntap-20240510-0005", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10806", "reference_id": "RHSA-2024:10806", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10806" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1841", "reference_id": "RHSA-2024:1841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1846", "reference_id": "RHSA-2024:1846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2007", "reference_id": "RHSA-2024:2007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2113", "reference_id": "RHSA-2024:2113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2581", "reference_id": "RHSA-2024:2581", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2581" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2584", "reference_id": "RHSA-2024:2584", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2953", "reference_id": "RHSA-2024:2953", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2953" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3431", "reference_id": "RHSA-2024:3431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3431" }, { "reference_url": "https://usn.ubuntu.com/6837-1/", "reference_id": "USN-6837-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6837-1/" }, { "reference_url": "https://usn.ubuntu.com/6837-2/", "reference_id": "USN-6837-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6837-2/" }, { "reference_url": "https://usn.ubuntu.com/7036-1/", "reference_id": "USN-7036-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7036-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29429?format=api", "purl": "pkg:gem/rack@3.0.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-34sm-19kr-1uby" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-7t6e-rm2b-s7a1" }, { "vulnerability": "VCID-9h1q-9jzw-1bdk" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-e9ps-payd-abeu" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-fcfm-c4dz-v3es" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mkxe-9gpy-ebdp" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-w8dy-4cvu-ckcm" }, { "vulnerability": "VCID-ym3c-dbhb-e3fs" }, { "vulnerability": "VCID-yybg-erer-jfaw" }, { "vulnerability": "VCID-zv9m-9yhe-5uab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1" } ], "aliases": [ "CVE-2024-25126", "GHSA-22f2-v57c-j9cx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wvjz-yynu-qbbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25379?format=api", "vulnerability_id": "VCID-ym3c-dbhb-e3fs", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46727", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74643", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74725", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74727", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74714", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46727" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46727", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46727" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927", "reference_id": "1104927", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364966", "reference_id": "2364966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364966" }, { "reference_url": "https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712", "reference_id": "2bb5263b464b65ba4b648996a579dbd180d2b712", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/" } ], "url": "https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712" }, { "reference_url": "https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3", "reference_id": "3f5a4249118d09d199fe480466c8c6717e43b6e3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/" } ], "url": "https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3" }, { "reference_url": "https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74", "reference_id": "cd6b70a1f2a1016b73dc906f924869f4902c2d74", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/" } ], "url": "https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74" }, { "reference_url": "https://github.com/advisories/GHSA-gjh7-p2fx-99vx", "reference_id": "GHSA-gjh7-p2fx-99vx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjh7-p2fx-99vx" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx", "reference_id": "GHSA-gjh7-p2fx-99vx", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7604", "reference_id": "RHSA-2025:7604", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7604" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7605", "reference_id": "RHSA-2025:7605", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7605" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8254", "reference_id": "RHSA-2025:8254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8256", "reference_id": "RHSA-2025:8256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8279", "reference_id": "RHSA-2025:8279", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8279" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8288", "reference_id": "RHSA-2025:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8289", "reference_id": "RHSA-2025:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8290", "reference_id": "RHSA-2025:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8291", "reference_id": "RHSA-2025:8291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8319", "reference_id": "RHSA-2025:8319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8322", "reference_id": "RHSA-2025:8322", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8322" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8323", "reference_id": "RHSA-2025:8323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9838", "reference_id": "RHSA-2025:9838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9838" }, { "reference_url": "https://usn.ubuntu.com/7507-1/", "reference_id": "USN-7507-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7507-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379017?format=api", "purl": "pkg:gem/rack@3.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-34sm-19kr-1uby" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-7t6e-rm2b-s7a1" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-fcfm-c4dz-v3es" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-ym3c-dbhb-e3fs" }, { "vulnerability": "VCID-yybg-erer-jfaw" }, { "vulnerability": "VCID-zv9m-9yhe-5uab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/379018?format=api", "purl": "pkg:gem/rack@3.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-34sm-19kr-1uby" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-7t6e-rm2b-s7a1" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-fcfm-c4dz-v3es" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-ym3c-dbhb-e3fs" }, { "vulnerability": "VCID-yybg-erer-jfaw" }, { "vulnerability": "VCID-zv9m-9yhe-5uab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.14" } ], "aliases": [ "CVE-2025-46727", "GHSA-gjh7-p2fx-99vx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ym3c-dbhb-e3fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28385?format=api", "vulnerability_id": "VCID-yybg-erer-jfaw", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34831.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34831.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13791", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1382", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13705", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13822", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34831" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34831.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34831.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34831", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34831" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454504", "reference_id": "2454504", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454504" }, { "reference_url": "https://github.com/advisories/GHSA-q2ww-5357-x388", "reference_id": "GHSA-q2ww-5357-x388", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q2ww-5357-x388" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-q2ww-5357-x388", "reference_id": "GHSA-q2ww-5357-x388", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:43:52Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-q2ww-5357-x388" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373391?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/373392?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34831", "GHSA-q2ww-5357-x388" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yybg-erer-jfaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18375?format=api", "vulnerability_id": "VCID-zmuu-6s9z-cqd2", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26141.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26141.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26141", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61777", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61878", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61885", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61877", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516", "reference_id": "1064516", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265594", "reference_id": "2265594", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265594" }, { "reference_url": "https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9", "reference_id": "4849132bef471adb21131980df745f4bb84de2d9", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/" } ], "url": "https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9" }, { "reference_url": "https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b", "reference_id": "62457686b26d33a15a254c7768c2076e8e02b48b", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/" } ], "url": "https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b" }, { "reference_url": "https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944", "reference_id": "84944", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/" } ], "url": "https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26141", "reference_id": "CVE-2024-26141", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26141" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml", "reference_id": "CVE-2024-26141.yml", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml" }, { "reference_url": "https://github.com/advisories/GHSA-xj5v-6v4g-jfw6", "reference_id": "GHSA-xj5v-6v4g-jfw6", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xj5v-6v4g-jfw6" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6", "reference_id": "GHSA-xj5v-6v4g-jfw6", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html", "reference_id": "msg00022.html", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0007/", "reference_id": "ntap-20240510-0007", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0007/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10806", "reference_id": "RHSA-2024:10806", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10806" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1841", "reference_id": "RHSA-2024:1841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1846", "reference_id": "RHSA-2024:1846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2007", "reference_id": "RHSA-2024:2007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2113", "reference_id": "RHSA-2024:2113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2581", "reference_id": "RHSA-2024:2581", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2581" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2584", "reference_id": "RHSA-2024:2584", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2953", "reference_id": "RHSA-2024:2953", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2953" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3431", "reference_id": "RHSA-2024:3431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3431" }, { "reference_url": "https://usn.ubuntu.com/6689-1/", "reference_id": "USN-6689-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6689-1/" }, { "reference_url": "https://usn.ubuntu.com/6837-1/", "reference_id": "USN-6837-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6837-1/" }, { "reference_url": "https://usn.ubuntu.com/6837-2/", "reference_id": "USN-6837-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6837-2/" }, { "reference_url": "https://usn.ubuntu.com/7036-1/", "reference_id": "USN-7036-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7036-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29429?format=api", "purl": "pkg:gem/rack@3.0.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-34sm-19kr-1uby" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-7t6e-rm2b-s7a1" }, { "vulnerability": "VCID-9h1q-9jzw-1bdk" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-e9ps-payd-abeu" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-fcfm-c4dz-v3es" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mkxe-9gpy-ebdp" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-w8dy-4cvu-ckcm" }, { "vulnerability": "VCID-ym3c-dbhb-e3fs" }, { "vulnerability": "VCID-yybg-erer-jfaw" }, { "vulnerability": "VCID-zv9m-9yhe-5uab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1" } ], "aliases": [ "CVE-2024-26141", "GHSA-xj5v-6v4g-jfw6" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zmuu-6s9z-cqd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25778?format=api", "vulnerability_id": "VCID-zv9m-9yhe-5uab", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50356", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.53027", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.5303", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.53045", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61770" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627", "reference_id": "1117627", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402174", "reference_id": "2402174", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402174" }, { "reference_url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e", "reference_id": "589127f4ac8b5cf11cf88fb0cd116ffed4d2181e", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/" } ], "url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770", "reference_id": "CVE-2025-61770", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml", "reference_id": "CVE-2025-61770.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml" }, { "reference_url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e", "reference_id": "d869fed663b113b95a74ad53e1b5cae6ab31f29e", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/" } ], "url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e" }, { "reference_url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd", "reference_id": "e08f78c656c9394d6737c022bde087e0f33336fd", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/" } ], "url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd" }, { "reference_url": "https://github.com/advisories/GHSA-p543-xpfm-54cp", "reference_id": "GHSA-p543-xpfm-54cp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p543-xpfm-54cp" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp", "reference_id": "GHSA-p543-xpfm-54cp", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19512", "reference_id": "RHSA-2025:19512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19513", "reference_id": "RHSA-2025:19513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19647", "reference_id": "RHSA-2025:19647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19719", "reference_id": "RHSA-2025:19719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19719" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19733", "reference_id": "RHSA-2025:19733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19734", "reference_id": "RHSA-2025:19734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19736", "reference_id": "RHSA-2025:19736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19800", "reference_id": "RHSA-2025:19800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19948", "reference_id": "RHSA-2025:19948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20962", "reference_id": "RHSA-2025:20962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21036", "reference_id": "RHSA-2025:21036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21696", "reference_id": "RHSA-2025:21696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21696" }, { "reference_url": "https://usn.ubuntu.com/7960-1/", "reference_id": "USN-7960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34109?format=api", "purl": "pkg:gem/rack@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/34112?format=api", "purl": "pkg:gem/rack@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22eh-9wun-h7b5" }, { "vulnerability": "VCID-3srh-99bk-ruft" }, { "vulnerability": "VCID-5a6b-yemd-mqgb" }, { "vulnerability": "VCID-abcn-y96c-dfe3" }, { "vulnerability": "VCID-eduz-d41z-ekfw" }, { "vulnerability": "VCID-gjjy-a7wb-qqaa" }, { "vulnerability": "VCID-gsss-za6y-c7hk" }, { "vulnerability": "VCID-guej-7tq7-fbb7" }, { "vulnerability": "VCID-mqhf-duvt-7yfk" }, { "vulnerability": "VCID-nd2m-v3wz-xfhw" }, { "vulnerability": "VCID-nesq-w996-akh4" }, { "vulnerability": "VCID-q6h3-j4b9-4kfg" }, { "vulnerability": "VCID-rb6e-p5hw-kfa6" }, { "vulnerability": "VCID-s6ny-5vqq-uqg7" }, { "vulnerability": "VCID-t2vh-fkgc-tba9" }, { "vulnerability": "VCID-vxsm-fcuq-y7e8" }, { "vulnerability": "VCID-yybg-erer-jfaw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2" } ], "aliases": [ "CVE-2025-61770", "GHSA-p543-xpfm-54cp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zv9m-9yhe-5uab" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9" }