Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/75649?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/75649?format=api", "purl": "pkg:gem/rack@1.5", "type": "gem", "namespace": "", "name": "rack", "version": "1.5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.2.23", "latest_non_vulnerable_version": "3.2.6", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37887?format=api", "vulnerability_id": "VCID-2bvt-36z3-9qar", "summary": "Potential Denial of Service Vulnerability\nCarefully crafted requests can cause a `SystemStackError` and potentially cause a denial of service attack.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/06/16/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2015/06/16/14" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2290.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2290.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3225.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3225.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3225", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13251", "scoring_system": "epss", "scoring_elements": "0.94282", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/blob/master/HISTORY.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/blob/master/HISTORY.md" }, { "reference_url": "https://github.com/rack/rack/commits/1.4.6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rack/rack/commits/1.4.6" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3225", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3225" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3322", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2015/dsa-3322" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232292", "reference_id": "1232292", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232292" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789311", "reference_id": "789311", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789311" }, { "reference_url": "https://github.com/advisories/GHSA-rgr4-9jh5-j4j6", "reference_id": "GHSA-rgr4-9jh5-j4j6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rgr4-9jh5-j4j6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2290", "reference_id": "RHSA-2015:2290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2290" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52334?format=api", "purl": "pkg:gem/rack@1.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jru-u17n-tyg1" }, { "vulnerability": "VCID-52qe-dast-tkhu" }, { "vulnerability": "VCID-7cef-z5qm-afd8" }, { "vulnerability": "VCID-amfu-8d25-juhy" }, { "vulnerability": "VCID-bj83-rx84-v3g9" }, { "vulnerability": "VCID-bqpn-m2fh-9kab" }, { "vulnerability": "VCID-c9mc-7nts-cfgy" }, { "vulnerability": "VCID-dss4-6ptr-83av" }, { "vulnerability": "VCID-e11g-k7zm-vkhu" }, { "vulnerability": "VCID-ebb6-b5tx-5bhf" }, { "vulnerability": "VCID-heu4-cd3d-73ck" }, { "vulnerability": "VCID-huph-y2xr-g3dk" }, { "vulnerability": "VCID-k8fr-zuyx-yyhg" }, { "vulnerability": "VCID-kd2v-rt9y-uqh7" }, { "vulnerability": "VCID-n1sj-dwab-j3ca" }, { "vulnerability": "VCID-vk15-7qdb-xkh9" }, { "vulnerability": "VCID-x373-rhh4-7khm" }, { "vulnerability": "VCID-xpa3-1n87-8ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/159981?format=api", "purl": "pkg:gem/rack@1.6.0.beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2bvt-36z3-9qar" }, { "vulnerability": "VCID-3jru-u17n-tyg1" }, { "vulnerability": "VCID-52qe-dast-tkhu" }, { "vulnerability": "VCID-7cef-z5qm-afd8" }, { "vulnerability": "VCID-amfu-8d25-juhy" }, { "vulnerability": "VCID-bj83-rx84-v3g9" }, { "vulnerability": "VCID-bqpn-m2fh-9kab" }, { "vulnerability": "VCID-c9mc-7nts-cfgy" }, { "vulnerability": "VCID-dss4-6ptr-83av" }, { "vulnerability": "VCID-e11g-k7zm-vkhu" }, { "vulnerability": "VCID-ebb6-b5tx-5bhf" }, { "vulnerability": "VCID-heu4-cd3d-73ck" }, { "vulnerability": "VCID-huph-y2xr-g3dk" }, { "vulnerability": "VCID-k8fr-zuyx-yyhg" }, { "vulnerability": "VCID-kd2v-rt9y-uqh7" }, { "vulnerability": "VCID-n1sj-dwab-j3ca" }, { "vulnerability": "VCID-vk15-7qdb-xkh9" }, { "vulnerability": "VCID-x373-rhh4-7khm" }, { "vulnerability": "VCID-xpa3-1n87-8ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.0.beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/52335?format=api", "purl": "pkg:gem/rack@1.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ra1-pgt2-3ubf" }, { "vulnerability": "VCID-3jru-u17n-tyg1" }, { "vulnerability": "VCID-52qe-dast-tkhu" }, { "vulnerability": "VCID-7cef-z5qm-afd8" }, { "vulnerability": "VCID-amfu-8d25-juhy" }, { "vulnerability": "VCID-bj83-rx84-v3g9" }, { "vulnerability": "VCID-bqpn-m2fh-9kab" }, { "vulnerability": "VCID-c9mc-7nts-cfgy" }, { "vulnerability": "VCID-dss4-6ptr-83av" }, { "vulnerability": "VCID-e11g-k7zm-vkhu" }, { "vulnerability": "VCID-ebb6-b5tx-5bhf" }, { "vulnerability": "VCID-heu4-cd3d-73ck" }, { "vulnerability": "VCID-huph-y2xr-g3dk" }, { "vulnerability": "VCID-k8fr-zuyx-yyhg" }, { "vulnerability": "VCID-kd2v-rt9y-uqh7" }, { "vulnerability": "VCID-n1sj-dwab-j3ca" }, { "vulnerability": "VCID-vk15-7qdb-xkh9" }, { "vulnerability": "VCID-x373-rhh4-7khm" }, { "vulnerability": "VCID-xpa3-1n87-8ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.2" } ], "aliases": [ "CVE-2015-3225", "GHSA-rgr4-9jh5-j4j6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2bvt-36z3-9qar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37485?format=api", "vulnerability_id": "VCID-6dhj-xgsb-nkhd", "summary": "Symlink path traversal in Rack::File\nAffected versions allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "http://rack.github.com/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rack.github.com/" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0262.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0262.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0262", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01263", "scoring_system": "epss", "scoring_elements": "0.79775", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0262" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909071", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909071" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909072", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0262", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0262" }, { "reference_url": "https://gist.github.com/rentzsch/4736940", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gist.github.com/rentzsch/4736940" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56" }, { "reference_url": "https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml" }, { "reference_url": "https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ" }, { "reference_url": "https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0262", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0262" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700173", "reference_id": "700173", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700173" }, { "reference_url": "https://github.com/advisories/GHSA-85r7-w5mv-c849", "reference_id": "GHSA-85r7-w5mv-c849", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-85r7-w5mv-c849" }, { "reference_url": "https://security.gentoo.org/glsa/201405-10", "reference_id": "GLSA-201405-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201405-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51374?format=api", "purl": "pkg:gem/rack@1.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2bvt-36z3-9qar" }, { "vulnerability": "VCID-3jru-u17n-tyg1" }, { "vulnerability": "VCID-52qe-dast-tkhu" }, { "vulnerability": "VCID-7cef-z5qm-afd8" }, { "vulnerability": "VCID-amfu-8d25-juhy" }, { "vulnerability": "VCID-bj83-rx84-v3g9" }, { "vulnerability": "VCID-bqpn-m2fh-9kab" }, { "vulnerability": "VCID-c9mc-7nts-cfgy" }, { "vulnerability": "VCID-dss4-6ptr-83av" }, { "vulnerability": "VCID-e11g-k7zm-vkhu" }, { "vulnerability": "VCID-ebb6-b5tx-5bhf" }, { "vulnerability": "VCID-heu4-cd3d-73ck" }, { "vulnerability": "VCID-huph-y2xr-g3dk" }, { "vulnerability": "VCID-k8fr-zuyx-yyhg" }, { "vulnerability": "VCID-kd2v-rt9y-uqh7" }, { "vulnerability": "VCID-n1sj-dwab-j3ca" }, { "vulnerability": "VCID-rr79-famc-37a8" }, { "vulnerability": "VCID-vk15-7qdb-xkh9" }, { "vulnerability": "VCID-x373-rhh4-7khm" }, { "vulnerability": "VCID-xpa3-1n87-8ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.2" } ], "aliases": [ "CVE-2013-0262", "GHSA-85r7-w5mv-c849", "OSV-89938" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6dhj-xgsb-nkhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37484?format=api", "vulnerability_id": "VCID-w1cf-9x6v-pyhw", "summary": "Timing attack against Rack::Session::Cookie\nAffected versions allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving am HMAC comparison function that does not run in constant time.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "http://rack.github.com/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rack.github.com/" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0263.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0263.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0263", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16071", "scoring_system": "epss", "scoring_elements": "0.94909", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0263" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909071", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0263", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0263" }, { "reference_url": "https://gist.github.com/codahale/f9f3781f7b54985bee94", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gist.github.com/codahale/f9f3781f7b54985bee94" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07" }, { "reference_url": "https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11" }, { "reference_url": "https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J" }, { "reference_url": "https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ" }, { "reference_url": "https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ" }, { "reference_url": "https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ" }, { "reference_url": "https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0263", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0263" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2783", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2783" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700226", "reference_id": "700226", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700226" }, { "reference_url": "https://github.com/advisories/GHSA-xc85-32mf-xpv8", "reference_id": "GHSA-xc85-32mf-xpv8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xc85-32mf-xpv8" }, { "reference_url": "https://security.gentoo.org/glsa/201405-10", "reference_id": "GLSA-201405-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201405-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0686", "reference_id": "RHSA-2013:0686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0686" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51374?format=api", "purl": "pkg:gem/rack@1.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2bvt-36z3-9qar" }, { "vulnerability": "VCID-3jru-u17n-tyg1" }, { "vulnerability": "VCID-52qe-dast-tkhu" }, { "vulnerability": "VCID-7cef-z5qm-afd8" }, { "vulnerability": "VCID-amfu-8d25-juhy" }, { "vulnerability": "VCID-bj83-rx84-v3g9" }, { "vulnerability": "VCID-bqpn-m2fh-9kab" }, { "vulnerability": "VCID-c9mc-7nts-cfgy" }, { "vulnerability": "VCID-dss4-6ptr-83av" }, { "vulnerability": "VCID-e11g-k7zm-vkhu" }, { "vulnerability": "VCID-ebb6-b5tx-5bhf" }, { "vulnerability": "VCID-heu4-cd3d-73ck" }, { "vulnerability": "VCID-huph-y2xr-g3dk" }, { "vulnerability": "VCID-k8fr-zuyx-yyhg" }, { "vulnerability": "VCID-kd2v-rt9y-uqh7" }, { "vulnerability": "VCID-n1sj-dwab-j3ca" }, { "vulnerability": "VCID-rr79-famc-37a8" }, { "vulnerability": "VCID-vk15-7qdb-xkh9" }, { "vulnerability": "VCID-x373-rhh4-7khm" }, { "vulnerability": "VCID-xpa3-1n87-8ucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.2" } ], "aliases": [ "CVE-2013-0263", "GHSA-xc85-32mf-xpv8", "OSV-89939" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w1cf-9x6v-pyhw" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5" }