Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/85682?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/85682?format=api", "purl": "pkg:gem/rack@1.2.1", "type": "gem", "namespace": "", "name": "rack", "version": "1.2.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.2.23", "latest_non_vulnerable_version": "3.2.6", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22579?format=api", "vulnerability_id": "VCID-13d1-uyw3-6bb6", "summary": "Rack has a Directory Traversal via Rack:Directory\n`Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22860.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22860.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22860", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31145", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22860" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:27:31Z/" } ], "url": "https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128479", "reference_id": "1128479", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128479" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440737", "reference_id": "2440737", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440737" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22860", "reference_id": "CVE-2026-22860", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22860" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml", "reference_id": "CVE-2026-22860.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml" }, { "reference_url": "https://github.com/advisories/GHSA-mxw3-3hh2-x2mh", "reference_id": "GHSA-mxw3-3hh2-x2mh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mxw3-3hh2-x2mh" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh", "reference_id": "GHSA-mxw3-3hh2-x2mh", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:27:31Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh" }, { "reference_url": "https://usn.ubuntu.com/8066-1/", "reference_id": "USN-8066-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8066-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72855?format=api", "purl": "pkg:gem/rack@2.2.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/72856?format=api", "purl": "pkg:gem/rack@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/72857?format=api", "purl": "pkg:gem/rack@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-prpy-7zzn-yuay" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.5" } ], "aliases": [ "CVE-2026-22860", "GHSA-mxw3-3hh2-x2mh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-13d1-uyw3-6bb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329853?format=api", "vulnerability_id": "VCID-1df5-44e8-13fm", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34831.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34831.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12964", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34831" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-q2ww-5357-x388", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:43:52Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-q2ww-5357-x388" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34831.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34831.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34831", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34831" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454504", "reference_id": "2454504", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454504" }, { "reference_url": "https://github.com/advisories/GHSA-q2ww-5357-x388", "reference_id": "GHSA-q2ww-5357-x388", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q2ww-5357-x388" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/188446?format=api", "purl": "pkg:gem/rack@2.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/188447?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/188448?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34831", "GHSA-q2ww-5357-x388" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1df5-44e8-13fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16658?format=api", "vulnerability_id": "VCID-3j7s-n3zh-yka7", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44572.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44572.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44572", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48978", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44572" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/releases/tag/v3.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/releases/tag/v3.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44572.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44572.yml" }, { "reference_url": "https://hackerone.com/reports/1639882", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1639882" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5530", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5530" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832", "reference_id": "1029832", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164722", "reference_id": "2164722", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164722" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44572", "reference_id": "CVE-2022-44572", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44572" }, { "reference_url": "https://github.com/advisories/GHSA-rqv2-275x-2jq5", "reference_id": "GHSA-rqv2-275x-2jq5", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rqv2-275x-2jq5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" }, { "reference_url": "https://usn.ubuntu.com/5910-1/", "reference_id": "USN-5910-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5910-1/" }, { "reference_url": "https://usn.ubuntu.com/7036-1/", "reference_id": "USN-7036-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7036-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62427?format=api", "purl": "pkg:gem/rack@2.0.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/62428?format=api", "purl": "pkg:gem/rack@2.1.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/62719?format=api", "purl": "pkg:gem/rack@2.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/62727?format=api", "purl": "pkg:gem/rack@2.2.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62430?format=api", "purl": "pkg:gem/rack@3.0.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1" } ], "aliases": [ "CVE-2022-44572", "GHSA-rqv2-275x-2jq5", "GMS-2023-66" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3j7s-n3zh-yka7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/300853?format=api", "vulnerability_id": "VCID-4tt1-d8fp-5ub7", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46727", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74511", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46727" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/" } ], "url": "https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712" }, { "reference_url": "https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/" } ], "url": "https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3" }, { "reference_url": "https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/" } ], "url": "https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46727", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46727" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927", "reference_id": "1104927", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364966", "reference_id": "2364966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364966" }, { "reference_url": "https://github.com/advisories/GHSA-gjh7-p2fx-99vx", "reference_id": "GHSA-gjh7-p2fx-99vx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gjh7-p2fx-99vx" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7604", "reference_id": "RHSA-2025:7604", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7604" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7605", "reference_id": "RHSA-2025:7605", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7605" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8254", "reference_id": "RHSA-2025:8254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8256", "reference_id": "RHSA-2025:8256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8279", "reference_id": "RHSA-2025:8279", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8279" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8288", "reference_id": "RHSA-2025:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8289", "reference_id": "RHSA-2025:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8290", "reference_id": "RHSA-2025:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8291", "reference_id": "RHSA-2025:8291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8319", "reference_id": "RHSA-2025:8319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8322", "reference_id": "RHSA-2025:8322", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8322" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8323", "reference_id": "RHSA-2025:8323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9838", "reference_id": "RHSA-2025:9838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9838" }, { "reference_url": "https://usn.ubuntu.com/7507-1/", "reference_id": "USN-7507-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7507-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/166050?format=api", "purl": "pkg:gem/rack@2.2.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/166057?format=api", "purl": "pkg:gem/rack@3.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/166063?format=api", "purl": "pkg:gem/rack@3.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.14" } ], "aliases": [ "CVE-2025-46727", "GHSA-gjh7-p2fx-99vx" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4tt1-d8fp-5ub7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/141099?format=api", "vulnerability_id": "VCID-5ut7-vqx4-kfag", "summary": "", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16782.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16782.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16782", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00892", "scoring_system": "epss", "scoring_elements": "0.75906", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16782" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/12/18/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/12/18/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/12/18/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/12/18/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/12/19/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/12/19/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/04/08/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/04/08/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/04/09/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/04/09/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789100", "reference_id": "1789100", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789100" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946983", "reference_id": "946983", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946983" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16782", "reference_id": "CVE-2019-16782", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16782" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml", "reference_id": "CVE-2019-16782.YML", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml" }, { "reference_url": "https://github.com/advisories/GHSA-hrqr-hxpp-chr3", "reference_id": "GHSA-hrqr-hxpp-chr3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hrqr-hxpp-chr3" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3", "reference_id": "GHSA-hrqr-hxpp-chr3", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2480", "reference_id": "RHSA-2020:2480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4366", "reference_id": "RHSA-2020:4366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" }, { "reference_url": "https://usn.ubuntu.com/USN-5253-1/", "reference_id": "USN-USN-5253-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5253-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74488?format=api", "purl": "pkg:gem/rack@1.6.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/151694?format=api", "purl": "pkg:gem/rack@2.0.0.alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.0.alpha" }, { "url": "http://public2.vulnerablecode.io/api/packages/74489?format=api", "purl": "pkg:gem/rack@2.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.8" } ], "aliases": [ "CVE-2019-16782", "GHSA-hrqr-hxpp-chr3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ut7-vqx4-kfag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20365?format=api", "vulnerability_id": "VCID-64cf-ysff-u7bt", "summary": "Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\n`Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.2865", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61771" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/" } ], "url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e" }, { "reference_url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/" } ], "url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e" }, { "reference_url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/" } ], "url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628", "reference_id": "1117628", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402175", "reference_id": "2402175", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402175" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771", "reference_id": "CVE-2025-61771", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml", "reference_id": "CVE-2025-61771.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml" }, { "reference_url": "https://github.com/advisories/GHSA-w9pc-fmgc-vxvw", "reference_id": "GHSA-w9pc-fmgc-vxvw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w9pc-fmgc-vxvw" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw", "reference_id": "GHSA-w9pc-fmgc-vxvw", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19512", "reference_id": "RHSA-2025:19512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19513", "reference_id": "RHSA-2025:19513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19647", "reference_id": "RHSA-2025:19647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19719", "reference_id": "RHSA-2025:19719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19719" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19734", "reference_id": "RHSA-2025:19734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19800", "reference_id": "RHSA-2025:19800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19948", "reference_id": "RHSA-2025:19948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20962", "reference_id": "RHSA-2025:20962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21036", "reference_id": "RHSA-2025:21036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21696", "reference_id": "RHSA-2025:21696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21696" }, { "reference_url": "https://usn.ubuntu.com/7960-1/", "reference_id": "USN-7960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69552?format=api", "purl": "pkg:gem/rack@2.2.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/72853?format=api", "purl": "pkg:gem/rack@3.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/69553?format=api", "purl": "pkg:gem/rack@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/69554?format=api", "purl": "pkg:gem/rack@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-prpy-7zzn-yuay" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2" } ], "aliases": [ "CVE-2025-61771", "GHSA-w9pc-fmgc-vxvw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-64cf-ysff-u7bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10334?format=api", "vulnerability_id": "VCID-6sw3-ggbt-sbfp", "summary": "Symlink path traversal in Rack::File\nAffected versions allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "http://rack.github.com/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rack.github.com/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0262", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01263", "scoring_system": "epss", "scoring_elements": "0.79752", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0262" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909071", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909071" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909072", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909072" }, { "reference_url": "https://gist.github.com/rentzsch/4736940", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gist.github.com/rentzsch/4736940" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56" }, { "reference_url": "https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30" }, { "reference_url": "https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ" }, { "reference_url": "https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700173", "reference_id": "700173", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700173" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0262", "reference_id": "CVE-2013-0262", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0262" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml", "reference_id": "CVE-2013-0262.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml" }, { "reference_url": "https://github.com/advisories/GHSA-85r7-w5mv-c849", "reference_id": "GHSA-85r7-w5mv-c849", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-85r7-w5mv-c849" }, { "reference_url": "https://security.gentoo.org/glsa/201405-10", "reference_id": "GLSA-201405-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201405-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50266?format=api", "purl": "pkg:gem/rack@1.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/86362?format=api", "purl": "pkg:gem/rack@1.5.0.beta.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.0.beta.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/50267?format=api", "purl": "pkg:gem/rack@1.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.2" } ], "aliases": [ "CVE-2013-0262", "GHSA-85r7-w5mv-c849", "OSV-89938" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6sw3-ggbt-sbfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20375?format=api", "vulnerability_id": "VCID-7jqg-1whb-4kdw", "summary": "Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\n`Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00324", "scoring_system": "epss", "scoring_elements": "0.55649", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61772" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/" } ], "url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e" }, { "reference_url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/" } ], "url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e" }, { "reference_url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/" } ], "url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627", "reference_id": "1117627", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402200", "reference_id": "2402200", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402200" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772", "reference_id": "CVE-2025-61772", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml", "reference_id": "CVE-2025-61772.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml" }, { "reference_url": "https://github.com/advisories/GHSA-wpv5-97wm-hp9c", "reference_id": "GHSA-wpv5-97wm-hp9c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wpv5-97wm-hp9c" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c", "reference_id": "GHSA-wpv5-97wm-hp9c", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19512", "reference_id": "RHSA-2025:19512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19513", "reference_id": "RHSA-2025:19513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19647", "reference_id": "RHSA-2025:19647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19719", "reference_id": "RHSA-2025:19719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19719" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19733", "reference_id": "RHSA-2025:19733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19734", "reference_id": "RHSA-2025:19734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19736", "reference_id": "RHSA-2025:19736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19800", "reference_id": "RHSA-2025:19800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19948", "reference_id": "RHSA-2025:19948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20962", "reference_id": "RHSA-2025:20962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21036", "reference_id": "RHSA-2025:21036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21036" }, { "reference_url": "https://usn.ubuntu.com/7960-1/", "reference_id": "USN-7960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69552?format=api", "purl": "pkg:gem/rack@2.2.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/72853?format=api", "purl": "pkg:gem/rack@3.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/69553?format=api", "purl": "pkg:gem/rack@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/69554?format=api", "purl": "pkg:gem/rack@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-prpy-7zzn-yuay" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2" } ], "aliases": [ "CVE-2025-61772", "GHSA-wpv5-97wm-hp9c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7jqg-1whb-4kdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/324594?format=api", "vulnerability_id": "VCID-8qm9-xj5y-wycp", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26961.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26961.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02913", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26961" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-vgpv-f759-9wx3", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:57:50Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-vgpv-f759-9wx3" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-26961.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-26961.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26961", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26961" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454483", "reference_id": "2454483", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454483" }, { "reference_url": "https://github.com/advisories/GHSA-vgpv-f759-9wx3", "reference_id": "GHSA-vgpv-f759-9wx3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vgpv-f759-9wx3" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/188446?format=api", "purl": "pkg:gem/rack@2.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/188447?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/188448?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-26961", "GHSA-vgpv-f759-9wx3" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8qm9-xj5y-wycp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20376?format=api", "vulnerability_id": "VCID-8txn-z2vt-7kex", "summary": "Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)\n`Rack::Multipart::Parser` buffers the entire multipart **preamble** (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50221", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61770" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/" } ], "url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e" }, { "reference_url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/" } ], "url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e" }, { "reference_url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/" } ], "url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627", "reference_id": "1117627", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402174", "reference_id": "2402174", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402174" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770", "reference_id": "CVE-2025-61770", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml", "reference_id": "CVE-2025-61770.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml" }, { "reference_url": "https://github.com/advisories/GHSA-p543-xpfm-54cp", "reference_id": "GHSA-p543-xpfm-54cp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p543-xpfm-54cp" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp", "reference_id": "GHSA-p543-xpfm-54cp", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19512", "reference_id": "RHSA-2025:19512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19513", "reference_id": "RHSA-2025:19513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19647", "reference_id": "RHSA-2025:19647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19719", "reference_id": "RHSA-2025:19719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19719" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19733", "reference_id": "RHSA-2025:19733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19734", "reference_id": "RHSA-2025:19734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19736", "reference_id": "RHSA-2025:19736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19800", "reference_id": "RHSA-2025:19800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19948", "reference_id": "RHSA-2025:19948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20962", "reference_id": "RHSA-2025:20962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21036", "reference_id": "RHSA-2025:21036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21696", "reference_id": "RHSA-2025:21696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21696" }, { "reference_url": "https://usn.ubuntu.com/7960-1/", "reference_id": "USN-7960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69552?format=api", "purl": "pkg:gem/rack@2.2.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/72853?format=api", "purl": "pkg:gem/rack@3.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/69553?format=api", "purl": "pkg:gem/rack@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/69554?format=api", "purl": "pkg:gem/rack@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-prpy-7zzn-yuay" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2" } ], "aliases": [ "CVE-2025-61770", "GHSA-p543-xpfm-54cp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8txn-z2vt-7kex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10352?format=api", "vulnerability_id": "VCID-9bdj-3uav-5ug1", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nmultipart/parser.rb in Rack allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "http://rack.github.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rack.github.com" }, { "reference_url": "http://rack.github.com/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rack.github.com/" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0544" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01824", "scoring_system": "epss", "scoring_elements": "0.83204", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=895282", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895282" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff" }, { "reference_url": "https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18" }, { "reference_url": "https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs" }, { "reference_url": "https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI" }, { "reference_url": "https://groups.google.com/forum/#!topic/rack-devel/7ZKPNAjgRSs", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rack-devel/7ZKPNAjgRSs" }, { "reference_url": "https://groups.google.com/forum/#!topic/rack-devel/-MWPHDeGWtI", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rack-devel/-MWPHDeGWtI" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2783", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2783" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440", "reference_id": "698440", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-0183", "reference_id": "CVE-2013-0183", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-0183" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0183", "reference_id": "CVE-2013-0183", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0183" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0183.yml", "reference_id": "CVE-2013-0183.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0183.yml" }, { "reference_url": "https://github.com/advisories/GHSA-3pxh-h8hw-mj8w", "reference_id": "GHSA-3pxh-h8hw-mj8w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3pxh-h8hw-mj8w" }, { "reference_url": "https://security.gentoo.org/glsa/201405-10", "reference_id": "GLSA-201405-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201405-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73745?format=api", "purl": "pkg:gem/rack@1.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9bdj-3uav-5ug1" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-vhcq-vn9g-gqam" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/50310?format=api", "purl": "pkg:gem/rack@1.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.3" } ], "aliases": [ "CVE-2013-0183", "GHSA-3pxh-h8hw-mj8w", "OSV-89320" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9bdj-3uav-5ug1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/302551?format=api", "vulnerability_id": "VCID-9qjs-6tck-47bh", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49007", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00569", "scoring_system": "epss", "scoring_elements": "0.68878", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49007" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/" } ], "url": "https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f" }, { "reference_url": "https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/" } ], "url": "https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49007", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49007" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107363", "reference_id": "1107363", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107363" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370346", "reference_id": "2370346", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370346" }, { "reference_url": "https://github.com/advisories/GHSA-47m2-26rw-j2jw", "reference_id": "GHSA-47m2-26rw-j2jw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-47m2-26rw-j2jw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/166065?format=api", "purl": "pkg:gem/rack@3.1.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.16" } ], "aliases": [ "CVE-2025-49007", "GHSA-47m2-26rw-j2jw" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9qjs-6tck-47bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329373?format=api", "vulnerability_id": "VCID-9vf4-tu5u-f3en", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34230.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34230.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06597", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34230" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:56:03Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34230.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34230.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34230", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34230" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454493", "reference_id": "2454493", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454493" }, { "reference_url": "https://github.com/advisories/GHSA-v569-hp3g-36wr", "reference_id": "GHSA-v569-hp3g-36wr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v569-hp3g-36wr" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/188446?format=api", "purl": "pkg:gem/rack@2.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/188447?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/188448?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34230", "GHSA-v569-hp3g-36wr" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9vf4-tu5u-f3en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10351?format=api", "vulnerability_id": "VCID-b7n5-juw8-3ygj", "summary": "Uncontrolled Resource Consumption\nUnspecified vulnerability in Rack::Auth::AbstractRequest in Rack allows remote attackers to cause a denial of service via unknown vectors related to \"symbolized arbitrary strings.\"", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0548", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0548" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0184", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71859", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0184" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=895384", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895384" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/1f61549529d07abd4aa512b8320ab0e97dcacc5d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/commit/1f61549529d07abd4aa512b8320ab0e97dcacc5d" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2783", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2783" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440", "reference_id": "698440", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-0184", "reference_id": "CVE-2013-0184", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-0184" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0184", "reference_id": "CVE-2013-0184", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0184" }, { "reference_url": "https://github.com/advisories/GHSA-v882-ccj6-jc48", "reference_id": "GHSA-v882-ccj6-jc48", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v882-ccj6-jc48" }, { "reference_url": "https://security.gentoo.org/glsa/201405-10", "reference_id": "GLSA-201405-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201405-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76772?format=api", "purl": "pkg:gem/rack@1.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-vhcq-vn9g-gqam" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/50117?format=api", "purl": "pkg:gem/rack@1.3.0.beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9bdj-3uav-5ug1" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-d9s8-qxn1-eycz" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-vhcq-vn9g-gqam" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.0.beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/76771?format=api", "purl": "pkg:gem/rack@1.3.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9bdj-3uav-5ug1" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-vhcq-vn9g-gqam" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/50311?format=api", "purl": "pkg:gem/rack@1.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/86362?format=api", "purl": "pkg:gem/rack@1.5.0.beta.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.0.beta.1" } ], "aliases": [ "CVE-2013-0184", "GHSA-v882-ccj6-jc48", "OSV-89327" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7n5-juw8-3ygj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/289873?format=api", "vulnerability_id": "VCID-b83y-urzk-jqey", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27111.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27111.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00865", "scoring_system": "epss", "scoring_elements": "0.75436", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27111" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/" } ], "url": "https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53" }, { "reference_url": "https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/" } ], "url": "https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b" }, { "reference_url": "https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/" } ], "url": "https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27111", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27111" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099546", "reference_id": "1099546", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099546" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349810", "reference_id": "2349810", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349810" }, { "reference_url": "https://github.com/advisories/GHSA-8cgq-6mh2-7j6v", "reference_id": "GHSA-8cgq-6mh2-7j6v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8cgq-6mh2-7j6v" }, { "reference_url": "https://usn.ubuntu.com/7366-1/", "reference_id": "USN-7366-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7366-1/" }, { "reference_url": "https://usn.ubuntu.com/7366-2/", "reference_id": "USN-7366-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7366-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/166048?format=api", "purl": "pkg:gem/rack@2.2.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/72853?format=api", "purl": "pkg:gem/rack@3.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/166054?format=api", "purl": "pkg:gem/rack@3.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/166060?format=api", "purl": "pkg:gem/rack@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.11" } ], "aliases": [ "CVE-2025-27111", "GHSA-8cgq-6mh2-7j6v" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b83y-urzk-jqey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10698?format=api", "vulnerability_id": "VCID-cmq3-1jzb-1fae", "summary": "Potential Denial of Service Vulnerability\nCarefully crafted requests can cause a `SystemStackError` and potentially cause a denial of service attack.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/06/16/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2015/06/16/14" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2290.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2290.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3225.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3225.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3225", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13251", "scoring_system": "epss", "scoring_elements": "0.94269", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/blob/master/HISTORY.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/blob/master/HISTORY.md" }, { "reference_url": "https://github.com/rack/rack/commits/1.4.6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rack/rack/commits/1.4.6" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3322", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2015/dsa-3322" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232292", "reference_id": "1232292", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232292" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789311", "reference_id": "789311", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789311" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3225", "reference_id": "CVE-2015-3225", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3225" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml", "reference_id": "CVE-2015-3225.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml" }, { "reference_url": "https://github.com/advisories/GHSA-rgr4-9jh5-j4j6", "reference_id": "GHSA-rgr4-9jh5-j4j6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rgr4-9jh5-j4j6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2290", "reference_id": "RHSA-2015:2290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2290" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51262?format=api", "purl": "pkg:gem/rack@1.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/86362?format=api", "purl": "pkg:gem/rack@1.5.0.beta.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.0.beta.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/51263?format=api", "purl": "pkg:gem/rack@1.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/92660?format=api", "purl": "pkg:gem/rack@1.6.0.beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.0.beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/51264?format=api", "purl": "pkg:gem/rack@1.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-v4fe-p2td-37hq" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.2" } ], "aliases": [ "CVE-2015-3225", "GHSA-rgr4-9jh5-j4j6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cmq3-1jzb-1fae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19567?format=api", "vulnerability_id": "VCID-d4up-ujtj-t7g1", "summary": "Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)\n### Summary\n\n```ruby\nmodule Rack\n class MediaType\n SPLIT_PATTERN = %r{\\s*[;,]\\s*}\n```\n\nThe above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split.\n\n### PoC\n\nA simple HTTP request with lots of blank characters in the content-type header:\n\n```ruby\nrequest[\"Content-Type\"] = (\" \" * 50_000) + \"a,\"\n```\n\n### Impact\n\nIt's a very easy to craft ReDoS. Like all ReDoS the impact is debatable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25126.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25126.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63949", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25126" }, { "reference_url": "https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/" } ], "url": "https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/" } ], "url": "https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462" }, { "reference_url": "https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/" } ], "url": "https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0005" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516", "reference_id": "1064516", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265593", "reference_id": "2265593", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265593" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25126", "reference_id": "CVE-2024-25126", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25126" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml", "reference_id": "CVE-2024-25126.YML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml" }, { "reference_url": "https://github.com/advisories/GHSA-22f2-v57c-j9cx", "reference_id": "GHSA-22f2-v57c-j9cx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-22f2-v57c-j9cx" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx", "reference_id": "GHSA-22f2-v57c-j9cx", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0005/", "reference_id": "ntap-20240510-0005", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10806", "reference_id": "RHSA-2024:10806", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10806" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1841", "reference_id": "RHSA-2024:1841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1846", "reference_id": "RHSA-2024:1846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2007", "reference_id": "RHSA-2024:2007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2113", "reference_id": "RHSA-2024:2113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2581", "reference_id": "RHSA-2024:2581", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2581" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2584", "reference_id": "RHSA-2024:2584", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2953", "reference_id": "RHSA-2024:2953", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2953" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3431", "reference_id": "RHSA-2024:3431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3431" }, { "reference_url": "https://usn.ubuntu.com/6837-1/", "reference_id": "USN-6837-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6837-1/" }, { "reference_url": "https://usn.ubuntu.com/6837-2/", "reference_id": "USN-6837-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6837-2/" }, { "reference_url": "https://usn.ubuntu.com/7036-1/", "reference_id": "USN-7036-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7036-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67996?format=api", "purl": "pkg:gem/rack@2.2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/67995?format=api", "purl": "pkg:gem/rack@3.0.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1" } ], "aliases": [ "CVE-2024-25126", "GHSA-22f2-v57c-j9cx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d4up-ujtj-t7g1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10273?format=api", "vulnerability_id": "VCID-d9s8-qxn1-eycz", "summary": "Hash Collision Form Parameter Parsing Remote DoS\nThis package contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.", "references": [ { "reference_url": "http://osvdb.org/show/osvdb/78121", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/show/osvdb/78121" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-5036", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01278", "scoring_system": "epss", "scoring_elements": "0.79877", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-5036" }, { "reference_url": "https://gist.github.com/52bbc6b9cc19ce330829", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gist.github.com/52bbc6b9cc19ce330829" }, { "reference_url": "https://github.com/rack/rack/commit/09c5e53f11a491c25bef873ed146842f3cd03228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rack/rack/commit/09c5e53f11a491c25bef873ed146842f3cd03228" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2011-5036.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2011-5036.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-5036", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-5036" }, { "reference_url": "https://web.archive.org/web/20120201040317/http://jruby.org/2011/12/27/jruby-1-6-5-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120201040317/http://jruby.org/2011/12/27/jruby-1-6-5-1" }, { "reference_url": "https://web.archive.org/web/20130213132312/http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130213132312/http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2783", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2783" }, { "reference_url": "http://www.kb.cert.org/vuls/id/903934", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/903934" }, { "reference_url": "http://www.nruns.com/_downloads/advisory28122011.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653963", "reference_id": "653963", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653963" }, { "reference_url": "https://security.gentoo.org/glsa/201203-05", "reference_id": "GLSA-201203-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50119?format=api", "purl": "pkg:gem/rack@1.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9bdj-3uav-5ug1" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-vhcq-vn9g-gqam" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/50117?format=api", "purl": "pkg:gem/rack@1.3.0.beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9bdj-3uav-5ug1" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-d9s8-qxn1-eycz" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-vhcq-vn9g-gqam" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.0.beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/50120?format=api", "purl": "pkg:gem/rack@1.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9bdj-3uav-5ug1" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-vhcq-vn9g-gqam" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/50121?format=api", "purl": "pkg:gem/rack@1.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9bdj-3uav-5ug1" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-vhcq-vn9g-gqam" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.0" } ], "aliases": [ "CVE-2011-5036", "GHSA-v6j3-7jrw-hq2p", "OSV-78121" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d9s8-qxn1-eycz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19571?format=api", "vulnerability_id": "VCID-dsxp-jp3h-g3br", "summary": "Rack has possible DoS Vulnerability with Range Header\n# Possible DoS Vulnerability with Range Header in Rack\n\nThere is a possible DoS vulnerability relating to the Range request header in\nRack. This vulnerability has been assigned the CVE identifier CVE-2024-26141.\n\nVersions Affected: >= 1.3.0.\nNot affected: < 1.3.0\nFixed Versions: 3.0.9.1, 2.2.8.1\n\nImpact\n------\nCarefully crafted Range headers can cause a server to respond with an\nunexpectedly large response. Responding with such large responses could lead\nto a denial of service issue.\n\nVulnerable applications will use the `Rack::File` middleware or the\n`Rack::Utils.byte_ranges` methods (this includes Rails applications).\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 3-0-range.patch - Patch for 3.0 series\n* 2-2-range.patch - Patch for 2.2 series\n\nCredits\n-------\n\nThank you [ooooooo_q](https://hackerone.com/ooooooo_q) for the report and\npatch", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26141.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26141.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26141", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.6162", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26141" }, { "reference_url": "https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/" } ], "url": "https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/" } ], "url": "https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9" }, { "reference_url": "https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/" } ], "url": "https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516", "reference_id": "1064516", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265594", "reference_id": "2265594", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265594" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26141", "reference_id": "CVE-2024-26141", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26141" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml", "reference_id": "CVE-2024-26141.YML", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml" }, { "reference_url": "https://github.com/advisories/GHSA-xj5v-6v4g-jfw6", "reference_id": "GHSA-xj5v-6v4g-jfw6", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xj5v-6v4g-jfw6" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6", "reference_id": "GHSA-xj5v-6v4g-jfw6", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0007/", "reference_id": "ntap-20240510-0007", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0007/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10806", "reference_id": "RHSA-2024:10806", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10806" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1841", "reference_id": "RHSA-2024:1841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1846", "reference_id": "RHSA-2024:1846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2007", "reference_id": "RHSA-2024:2007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2113", "reference_id": "RHSA-2024:2113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2581", "reference_id": "RHSA-2024:2581", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2581" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2584", "reference_id": "RHSA-2024:2584", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2953", "reference_id": "RHSA-2024:2953", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2953" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3431", "reference_id": "RHSA-2024:3431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3431" }, { "reference_url": "https://usn.ubuntu.com/6689-1/", "reference_id": "USN-6689-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6689-1/" }, { "reference_url": "https://usn.ubuntu.com/6837-1/", "reference_id": "USN-6837-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6837-1/" }, { "reference_url": "https://usn.ubuntu.com/6837-2/", "reference_id": "USN-6837-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6837-2/" }, { "reference_url": "https://usn.ubuntu.com/7036-1/", "reference_id": "USN-7036-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7036-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67996?format=api", "purl": "pkg:gem/rack@2.2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/67995?format=api", "purl": "pkg:gem/rack@3.0.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1" } ], "aliases": [ "CVE-2024-26141", "GHSA-xj5v-6v4g-jfw6" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dsxp-jp3h-g3br" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20294?format=api", "vulnerability_id": "VCID-e3dc-w7sc-9kaj", "summary": "Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters\n`Rack::QueryParser` in version `< 2.2.18` enforces its `params_limit` only for parameters separated by `&`, while still splitting on both `&` and `;`. As a result, attackers could use `;` separators to bypass the parameter count limit and submit more parameters than intended.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59830.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59830.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31744", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59830" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-25T16:14:17Z/" } ], "url": "https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116431", "reference_id": "1116431", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116431" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398167", "reference_id": "2398167", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398167" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59830", "reference_id": "CVE-2025-59830", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59830" }, { "reference_url": "https://github.com/advisories/GHSA-625h-95r8-8xpm", "reference_id": "GHSA-625h-95r8-8xpm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-625h-95r8-8xpm" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm", "reference_id": "GHSA-625h-95r8-8xpm", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-25T16:14:17Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19512", "reference_id": "RHSA-2025:19512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19513", "reference_id": "RHSA-2025:19513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19647", "reference_id": "RHSA-2025:19647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19719", "reference_id": "RHSA-2025:19719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19719" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19733", "reference_id": "RHSA-2025:19733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19734", "reference_id": "RHSA-2025:19734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19736", "reference_id": "RHSA-2025:19736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19800", "reference_id": "RHSA-2025:19800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19832", "reference_id": "RHSA-2025:19832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19832" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19855", "reference_id": "RHSA-2025:19855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19856", "reference_id": "RHSA-2025:19856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19948", "reference_id": "RHSA-2025:19948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20962", "reference_id": "RHSA-2025:20962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21036", "reference_id": "RHSA-2025:21036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21036" }, { "reference_url": "https://usn.ubuntu.com/7784-1/", "reference_id": "USN-7784-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7784-1/" }, { "reference_url": "https://usn.ubuntu.com/7960-1/", "reference_id": "USN-7960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69448?format=api", "purl": "pkg:gem/rack@2.2.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/72853?format=api", "purl": "pkg:gem/rack@3.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1" } ], "aliases": [ "CVE-2025-59830", "GHSA-625h-95r8-8xpm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e3dc-w7sc-9kaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17071?format=api", "vulnerability_id": "VCID-et6j-8edn-sfac", "summary": "Rack has possible DoS Vulnerability in Multipart MIME parsing\nThere is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530.\n\nVersions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3\n\n# Impact\nThe Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected.\n\nAll users running an affected release should either upgrade or use one of the workarounds immediately.\n\n# Workarounds\nA proxy can be configured to limit the POST body size which will mitigate this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27530.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27530.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01982", "scoring_system": "epss", "scoring_elements": "0.83871", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27530" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231208-0015", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20231208-0015" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5530", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5530" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032803", "reference_id": "1032803", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032803" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176477", "reference_id": "2176477", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176477" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27530", "reference_id": "CVE-2023-27530", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27530" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27530.yml", "reference_id": "CVE-2023-27530.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27530.yml" }, { "reference_url": "https://github.com/advisories/GHSA-3h57-hmj3-gj3p", "reference_id": "GHSA-3h57-hmj3-gj3p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3h57-hmj3-gj3p" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231208-0015/", "reference_id": "ntap-20231208-0015", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231208-0015/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1961", "reference_id": "RHSA-2023:1961", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1981", "reference_id": "RHSA-2023:1981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2652", "reference_id": "RHSA-2023:2652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3082", "reference_id": "RHSA-2023:3082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3403", "reference_id": "RHSA-2023:3403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" }, { "reference_url": "https://usn.ubuntu.com/6837-1/", "reference_id": "USN-6837-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6837-1/" }, { "reference_url": "https://usn.ubuntu.com/6905-1/", "reference_id": "USN-6905-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6905-1/" }, { "reference_url": "https://usn.ubuntu.com/7036-1/", "reference_id": "USN-7036-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7036-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63110?format=api", "purl": "pkg:gem/rack@2.0.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/63111?format=api", "purl": "pkg:gem/rack@2.1.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/63112?format=api", "purl": "pkg:gem/rack@2.2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/63113?format=api", "purl": "pkg:gem/rack@3.0.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.2" } ], "aliases": [ "CVE-2023-27530", "GHSA-3h57-hmj3-gj3p", "GMS-2023-663" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-et6j-8edn-sfac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/290302?format=api", "vulnerability_id": "VCID-f988-s2s1-fuas", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27610.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27610.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27610", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01854", "scoring_system": "epss", "scoring_elements": "0.8334", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27610" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:22:45Z/" } ], "url": "https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:22:45Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27610.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27610.yml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27610", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27610" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100444", "reference_id": "1100444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100444" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351231", "reference_id": "2351231", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351231" }, { "reference_url": "https://github.com/advisories/GHSA-7wqh-767x-r66v", "reference_id": "GHSA-7wqh-767x-r66v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7wqh-767x-r66v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3448", "reference_id": "RHSA-2025:3448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3490", "reference_id": "RHSA-2025:3490", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3490" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3491", "reference_id": "RHSA-2025:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3492", "reference_id": "RHSA-2025:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3906", "reference_id": "RHSA-2025:3906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4576", "reference_id": "RHSA-2025:4576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4576" }, { "reference_url": "https://usn.ubuntu.com/7366-1/", "reference_id": "USN-7366-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7366-1/" }, { "reference_url": "https://usn.ubuntu.com/7366-2/", "reference_id": "USN-7366-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7366-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/166049?format=api", "purl": "pkg:gem/rack@2.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/72853?format=api", "purl": "pkg:gem/rack@3.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/166055?format=api", "purl": "pkg:gem/rack@3.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/166061?format=api", "purl": "pkg:gem/rack@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.12" } ], "aliases": [ "CVE-2025-27610", "GHSA-7wqh-767x-r66v" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f988-s2s1-fuas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329808?format=api", "vulnerability_id": "VCID-gjh6-2gkm-6ubs", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14795", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34785" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:58:57Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34785.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34785.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34785", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34785" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454486", "reference_id": "2454486", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454486" }, { "reference_url": "https://github.com/advisories/GHSA-h2jq-g4cq-5ppq", "reference_id": "GHSA-h2jq-g4cq-5ppq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h2jq-g4cq-5ppq" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/188446?format=api", "purl": "pkg:gem/rack@2.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/188447?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/188448?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34785", "GHSA-h2jq-g4cq-5ppq" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gjh6-2gkm-6ubs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329848?format=api", "vulnerability_id": "VCID-jv2b-zg52-cqbm", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34826.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34826.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34826", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06103", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34826" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-x8cg-fq8g-mxfx", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:42:34Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-x8cg-fq8g-mxfx" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34826.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34826.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34826", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34826" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454508", "reference_id": "2454508", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454508" }, { "reference_url": "https://github.com/advisories/GHSA-x8cg-fq8g-mxfx", "reference_id": "GHSA-x8cg-fq8g-mxfx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x8cg-fq8g-mxfx" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/188446?format=api", "purl": "pkg:gem/rack@2.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/188447?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/188448?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34826", "GHSA-x8cg-fq8g-mxfx" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jv2b-zg52-cqbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/259303?format=api", "vulnerability_id": "VCID-kake-zbut-cqdk", "summary": "", "references": [ { "reference_url": "https://advisory.dw1.io/61", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://advisory.dw1.io/61" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00833", "scoring_system": "epss", "scoring_elements": "0.74907", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/412c980450ca729ee37f90a2661f166a9665e058", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:50:23Z/" } ], "url": "https://github.com/rack/rack/commit/412c980450ca729ee37f90a2661f166a9665e058" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39316", "reference_id": "CVE-2024-39316", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39316" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-39316.yml", "reference_id": "CVE-2024-39316.YML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-39316.yml" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f", "reference_id": "GHSA-54rr-7fvw-6x8f", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:50:23Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f" }, { "reference_url": "https://github.com/advisories/GHSA-cj83-2ww7-mvq7", "reference_id": "GHSA-cj83-2ww7-mvq7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cj83-2ww7-mvq7" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7", "reference_id": "GHSA-cj83-2ww7-mvq7", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:50:23Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81941?format=api", "purl": "pkg:gem/rack@3.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.5" } ], "aliases": [ "CVE-2024-39316", "GHSA-cj83-2ww7-mvq7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kake-zbut-cqdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20417?format=api", "vulnerability_id": "VCID-kjyv-r8rk-rqd3", "summary": "Rack has a Possible Information Disclosure Vulnerability\nA possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially crafted headers could cause `Rack::Sendfile` to miscommunicate with the proxy and trigger unintended internal requests, potentially bypassing proxy-level access restrictions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01464", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61780" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/" } ], "url": "https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784" }, { "reference_url": "https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/" } ], "url": "https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a" }, { "reference_url": "https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/" } ], "url": "https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855", "reference_id": "1117855", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403126", "reference_id": "2403126", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403126" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61780", "reference_id": "CVE-2025-61780", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61780" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml", "reference_id": "CVE-2025-61780.YML", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml" }, { "reference_url": "https://github.com/advisories/GHSA-r657-rxjc-j557", "reference_id": "GHSA-r657-rxjc-j557", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r657-rxjc-j557" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557", "reference_id": "GHSA-r657-rxjc-j557", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557" }, { "reference_url": "https://usn.ubuntu.com/7960-1/", "reference_id": "USN-7960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69613?format=api", "purl": "pkg:gem/rack@2.2.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/72853?format=api", "purl": "pkg:gem/rack@3.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/69614?format=api", "purl": "pkg:gem/rack@3.1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/69615?format=api", "purl": "pkg:gem/rack@3.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-prpy-7zzn-yuay" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.3" } ], "aliases": [ "CVE-2025-61780", "GHSA-r657-rxjc-j557" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kjyv-r8rk-rqd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329809?format=api", "vulnerability_id": "VCID-md6q-ft6s-f7as", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34786.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34786.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34786", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13762", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34786" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-q4qf-9j86-f5mh", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:37:20Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-q4qf-9j86-f5mh" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34786.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34786.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34786", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34786" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454507", "reference_id": "2454507", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454507" }, { "reference_url": "https://github.com/advisories/GHSA-q4qf-9j86-f5mh", "reference_id": "GHSA-q4qf-9j86-f5mh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q4qf-9j86-f5mh" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/188446?format=api", "purl": "pkg:gem/rack@2.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/188447?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/188448?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34786", "GHSA-q4qf-9j86-f5mh" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-md6q-ft6s-f7as" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/166948?format=api", "vulnerability_id": "VCID-nkmg-x715-nyd9", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8161.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8161.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8161", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00907", "scoring_system": "epss", "scoring_elements": "0.76111", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8161" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html" }, { "reference_url": "https://usn.ubuntu.com/4561-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4561-1" }, { "reference_url": "https://usn.ubuntu.com/4561-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4561-1/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1838281", "reference_id": "1838281", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1838281" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8161", "reference_id": "CVE-2020-8161", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8161" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8161.yml", "reference_id": "CVE-2020-8161.YML", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8161.yml" }, { "reference_url": "https://github.com/advisories/GHSA-5f9h-9pjv-v6j7", "reference_id": "GHSA-5f9h-9pjv-v6j7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5f9h-9pjv-v6j7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4366", "reference_id": "RHSA-2020:4366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4366" }, { "reference_url": "https://usn.ubuntu.com/4561-2/", "reference_id": "USN-4561-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4561-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75055?format=api", "purl": "pkg:gem/rack@2.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/62718?format=api", "purl": "pkg:gem/rack@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.0" } ], "aliases": [ "CVE-2020-8161", "GHSA-5f9h-9pjv-v6j7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nkmg-x715-nyd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17094?format=api", "vulnerability_id": "VCID-peyq-bpa7-zkaj", "summary": "Possible Denial of Service Vulnerability in Rack’s header parsing\nThere is a denial of service vulnerability in the header parsing component of Rack. Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted. Workarounds Setting `Regexp.timeout` in Ruby 3.2 is a possible workaround.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27539.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27539.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.58732", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27539" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/" } ], "url": "https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c" }, { "reference_url": "https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/" } ], "url": "https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231208-0016", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20231208-0016" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5530", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5530" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033264", "reference_id": "1033264", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033264" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179649", "reference_id": "2179649", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179649" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27539", "reference_id": "CVE-2023-27539", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27539" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml", "reference_id": "CVE-2023-27539.YML", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml" }, { "reference_url": "https://github.com/advisories/GHSA-c6qg-cjj8-47qp", "reference_id": "GHSA-c6qg-cjj8-47qp", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/" } ], "url": "https://github.com/advisories/GHSA-c6qg-cjj8-47qp" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231208-0016/", "reference_id": "ntap-20231208-0016", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231208-0016/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1953", "reference_id": "RHSA-2023:1953", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1953" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1961", "reference_id": "RHSA-2023:1961", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1981", "reference_id": "RHSA-2023:1981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2652", "reference_id": "RHSA-2023:2652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3082", "reference_id": "RHSA-2023:3082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3403", "reference_id": "RHSA-2023:3403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3495", "reference_id": "RHSA-2023:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" }, { "reference_url": "https://usn.ubuntu.com/6689-1/", "reference_id": "USN-6689-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6689-1/" }, { "reference_url": "https://usn.ubuntu.com/6905-1/", "reference_id": "USN-6905-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6905-1/" }, { "reference_url": "https://usn.ubuntu.com/7036-1/", "reference_id": "USN-7036-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7036-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63147?format=api", "purl": "pkg:gem/rack@2.2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/63148?format=api", "purl": "pkg:gem/rack@3.0.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.6.1" } ], "aliases": [ "CVE-2023-27539", "GHSA-c6qg-cjj8-47qp", "GMS-2023-769" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-peyq-bpa7-zkaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20413?format=api", "vulnerability_id": "VCID-q17h-k4dc-rka5", "summary": "Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing\n`Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51775", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61919" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/" } ], "url": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881" }, { "reference_url": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/" } ], "url": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db" }, { "reference_url": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/" } ], "url": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856", "reference_id": "1117856", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180", "reference_id": "2403180", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919", "reference_id": "CVE-2025-61919", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml", "reference_id": "CVE-2025-61919.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml" }, { "reference_url": "https://github.com/advisories/GHSA-6xw4-3v39-52mm", "reference_id": "GHSA-6xw4-3v39-52mm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6xw4-3v39-52mm" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm", "reference_id": "GHSA-6xw4-3v39-52mm", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19512", "reference_id": "RHSA-2025:19512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19513", "reference_id": "RHSA-2025:19513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19647", "reference_id": "RHSA-2025:19647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19719", "reference_id": "RHSA-2025:19719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19719" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19733", "reference_id": "RHSA-2025:19733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19734", "reference_id": "RHSA-2025:19734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19736", "reference_id": "RHSA-2025:19736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19800", "reference_id": "RHSA-2025:19800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19832", "reference_id": "RHSA-2025:19832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19832" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19855", "reference_id": "RHSA-2025:19855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19856", "reference_id": "RHSA-2025:19856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19948", "reference_id": "RHSA-2025:19948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20962", "reference_id": "RHSA-2025:20962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21036", "reference_id": "RHSA-2025:21036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21696", "reference_id": "RHSA-2025:21696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21696" }, { "reference_url": "https://usn.ubuntu.com/7960-1/", "reference_id": "USN-7960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69613?format=api", "purl": "pkg:gem/rack@2.2.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/72853?format=api", "purl": "pkg:gem/rack@3.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/69614?format=api", "purl": "pkg:gem/rack@3.1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/69615?format=api", "purl": "pkg:gem/rack@3.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-prpy-7zzn-yuay" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.3" } ], "aliases": [ "CVE-2025-61919", "GHSA-6xw4-3v39-52mm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q17h-k4dc-rka5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19566?format=api", "vulnerability_id": "VCID-qntj-y8n6-buh7", "summary": "Rack Header Parsing leads to Possible Denial of Service Vulnerability\n# Possible Denial of Service Vulnerability in Rack Header Parsing\n\nThere is a possible denial of service vulnerability in the header parsing\nroutines in Rack. This vulnerability has been assigned the CVE identifier\nCVE-2024-26146.\n\nVersions Affected: All.\nNot affected: None\nFixed Versions: 2.0.9.4, 2.1.4.4, 2.2.8.1, 3.0.9.1\n\nImpact\n------\nCarefully crafted headers can cause header parsing in Rack to take longer than\nexpected resulting in a possible denial of service issue. Accept and Forwarded\nheaders are impacted.\n\nRuby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2\nor newer are unaffected.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 2-0-header-redos.patch - Patch for 2.0 series\n* 2-1-header-redos.patch - Patch for 2.1 series\n* 2-2-header-redos.patch - Patch for 2.2 series\n* 3-0-header-redos.patch - Patch for 3.0 series\n\nCredits\n-------\n\nThanks to [svalkanov](https://hackerone.com/svalkanov) for reporting this and\nproviding patches!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26146.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26146.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26146", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00775", "scoring_system": "epss", "scoring_elements": "0.73912", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26146" }, { "reference_url": "https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/" } ], "url": "https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/" } ], "url": "https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716" }, { "reference_url": "https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/" } ], "url": "https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582" }, { "reference_url": "https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/" } ], "url": "https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f" }, { "reference_url": "https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/" } ], "url": "https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516", "reference_id": "1064516", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265595", "reference_id": "2265595", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265595" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26146", "reference_id": "CVE-2024-26146", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26146" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml", "reference_id": "CVE-2024-26146.YML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml" }, { "reference_url": "https://github.com/advisories/GHSA-54rr-7fvw-6x8f", "reference_id": "GHSA-54rr-7fvw-6x8f", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-54rr-7fvw-6x8f" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f", "reference_id": "GHSA-54rr-7fvw-6x8f", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0006/", "reference_id": "ntap-20240510-0006", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10806", "reference_id": "RHSA-2024:10806", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10806" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1841", "reference_id": "RHSA-2024:1841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1846", "reference_id": "RHSA-2024:1846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2007", "reference_id": "RHSA-2024:2007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2113", "reference_id": "RHSA-2024:2113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2581", "reference_id": "RHSA-2024:2581", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2581" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2584", "reference_id": "RHSA-2024:2584", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2953", "reference_id": "RHSA-2024:2953", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2953" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3431", "reference_id": "RHSA-2024:3431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3431" }, { "reference_url": "https://usn.ubuntu.com/6689-1/", "reference_id": "USN-6689-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6689-1/" }, { "reference_url": "https://usn.ubuntu.com/6837-1/", "reference_id": "USN-6837-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6837-1/" }, { "reference_url": "https://usn.ubuntu.com/6837-2/", "reference_id": "USN-6837-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6837-2/" }, { "reference_url": "https://usn.ubuntu.com/7036-1/", "reference_id": "USN-7036-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7036-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67998?format=api", "purl": "pkg:gem/rack@2.0.9.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/67997?format=api", "purl": "pkg:gem/rack@2.1.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/67996?format=api", "purl": "pkg:gem/rack@2.2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/67995?format=api", "purl": "pkg:gem/rack@3.0.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1" } ], "aliases": [ "CVE-2024-26146", "GHSA-54rr-7fvw-6x8f" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qntj-y8n6-buh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329852?format=api", "vulnerability_id": "VCID-tsrj-694r-57dj", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14795", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34830" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:59:36Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34830.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34830.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34830", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34830" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454510", "reference_id": "2454510", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454510" }, { "reference_url": "https://github.com/advisories/GHSA-qv7j-4883-hwh7", "reference_id": "GHSA-qv7j-4883-hwh7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qv7j-4883-hwh7" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/188446?format=api", "purl": "pkg:gem/rack@2.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/188447?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/188448?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34830", "GHSA-qv7j-4883-hwh7" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tsrj-694r-57dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288764?format=api", "vulnerability_id": "VCID-u3e3-y6dy-4yc7", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25184.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25184.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25184", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01345", "scoring_system": "epss", "scoring_elements": "0.8036", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25184" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:09:07Z/" } ], "url": "https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:09:07Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-25184.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-25184.yml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25184", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25184" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098257", "reference_id": "1098257", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098257" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345301", "reference_id": "2345301", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345301" }, { "reference_url": "https://github.com/advisories/GHSA-7g2v-jj9q-g3rg", "reference_id": "GHSA-7g2v-jj9q-g3rg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7g2v-jj9q-g3rg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1985", "reference_id": "RHSA-2025:1985", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1985" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7085", "reference_id": "RHSA-2025:7085", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7085" }, { "reference_url": "https://usn.ubuntu.com/7366-1/", "reference_id": "USN-7366-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7366-1/" }, { "reference_url": "https://usn.ubuntu.com/7366-2/", "reference_id": "USN-7366-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7366-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/165966?format=api", "purl": "pkg:gem/rack@2.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/72853?format=api", "purl": "pkg:gem/rack@3.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/165967?format=api", "purl": "pkg:gem/rack@3.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/165971?format=api", "purl": "pkg:gem/rack@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.10" } ], "aliases": [ "CVE-2025-25184", "GHSA-7g2v-jj9q-g3rg" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u3e3-y6dy-4yc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10349?format=api", "vulnerability_id": "VCID-vhcq-vn9g-gqam", "summary": "Uncontrolled Resource Consumption\nlib/rack/multipart.rb in Rack uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.", "references": [ { "reference_url": "http://rack.github.com/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rack.github.com/" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0544" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6109", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00828", "scoring_system": "epss", "scoring_elements": "0.74818", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6109" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=895277", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895277" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/blob/master/README.rdoc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/blob/master/README.rdoc" }, { "reference_url": "https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5" }, { "reference_url": "https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ" }, { "reference_url": "https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2013-0544.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440", "reference_id": "698440", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2012-6109", "reference_id": "CVE-2012-6109", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2012-6109" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6109", "reference_id": "CVE-2012-6109", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6109" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2012-6109.yml", "reference_id": "CVE-2012-6109.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2012-6109.yml" }, { "reference_url": "https://github.com/advisories/GHSA-h77x-m5q8-c29h", "reference_id": "GHSA-h77x-m5q8-c29h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h77x-m5q8-c29h" }, { "reference_url": "https://security.gentoo.org/glsa/201405-10", "reference_id": "GLSA-201405-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201405-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73743?format=api", "purl": "pkg:gem/rack@1.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-vhcq-vn9g-gqam" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/50117?format=api", "purl": "pkg:gem/rack@1.3.0.beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9bdj-3uav-5ug1" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-d9s8-qxn1-eycz" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-vhcq-vn9g-gqam" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.0.beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/73750?format=api", "purl": "pkg:gem/rack@1.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9bdj-3uav-5ug1" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-vhcq-vn9g-gqam" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/50306?format=api", "purl": "pkg:gem/rack@1.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9bdj-3uav-5ug1" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.2" } ], "aliases": [ "CVE-2012-6109", "GHSA-h77x-m5q8-c29h", "OSV-89317" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vhcq-vn9g-gqam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10333?format=api", "vulnerability_id": "VCID-w8jj-mq1q-gqhd", "summary": "Timing attack against Rack::Session::Cookie\nAffected versions allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving am HMAC comparison function that does not run in constant time.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "http://rack.github.com/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rack.github.com/" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0263", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16071", "scoring_system": "epss", "scoring_elements": "0.94898", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0263" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909071", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909071" }, { "reference_url": "https://gist.github.com/codahale/f9f3781f7b54985bee94", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gist.github.com/codahale/f9f3781f7b54985bee94" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07" }, { "reference_url": "https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11" }, { "reference_url": "https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J" }, { "reference_url": "https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ" }, { "reference_url": "https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ" }, { "reference_url": "https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ" }, { "reference_url": "https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2783", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2783" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700226", "reference_id": "700226", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700226" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0263", "reference_id": "CVE-2013-0263", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0263" }, { "reference_url": "https://github.com/advisories/GHSA-xc85-32mf-xpv8", "reference_id": "GHSA-xc85-32mf-xpv8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xc85-32mf-xpv8" }, { "reference_url": "https://security.gentoo.org/glsa/201405-10", "reference_id": "GLSA-201405-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201405-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50264?format=api", "purl": "pkg:gem/rack@1.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-vhcq-vn9g-gqam" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/50117?format=api", "purl": "pkg:gem/rack@1.3.0.beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9bdj-3uav-5ug1" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-d9s8-qxn1-eycz" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-vhcq-vn9g-gqam" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.0.beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/50265?format=api", "purl": "pkg:gem/rack@1.3.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9bdj-3uav-5ug1" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-vhcq-vn9g-gqam" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/50266?format=api", "purl": "pkg:gem/rack@1.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/86362?format=api", "purl": "pkg:gem/rack@1.5.0.beta.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-6sw3-ggbt-sbfp" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b7n5-juw8-3ygj" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-w8jj-mq1q-gqhd" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.0.beta.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/50267?format=api", "purl": "pkg:gem/rack@1.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-5ut7-vqx4-kfag" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-cmq3-1jzb-1fae" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zgwm-n3pd-qyh7" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.2" } ], "aliases": [ "CVE-2013-0263", "GHSA-xc85-32mf-xpv8", "OSV-89939" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8jj-mq1q-gqhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16650?format=api", "vulnerability_id": "VCID-wdtk-9kx3-27eg", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44571.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44571.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44571", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02825", "scoring_system": "epss", "scoring_elements": "0.86421", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44571" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/releases/tag/v3.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/releases/tag/v3.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44571.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44571.yml" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5530", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5530" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832", "reference_id": "1029832", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164714", "reference_id": "2164714", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164714" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44571", "reference_id": "CVE-2022-44571", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44571" }, { "reference_url": "https://github.com/advisories/GHSA-93pm-5p5f-3ghx", "reference_id": "GHSA-93pm-5p5f-3ghx", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-93pm-5p5f-3ghx" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" }, { "reference_url": "https://usn.ubuntu.com/5910-1/", "reference_id": "USN-5910-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5910-1/" }, { "reference_url": "https://usn.ubuntu.com/7036-1/", "reference_id": "USN-7036-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7036-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62427?format=api", "purl": "pkg:gem/rack@2.0.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/62428?format=api", "purl": "pkg:gem/rack@2.1.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/62727?format=api", "purl": "pkg:gem/rack@2.2.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62430?format=api", "purl": "pkg:gem/rack@3.0.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1" } ], "aliases": [ "CVE-2022-44571", "GHSA-93pm-5p5f-3ghx", "GMS-2023-65" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wdtk-9kx3-27eg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329851?format=api", "vulnerability_id": "VCID-xrc5-979n-tyfh", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20369", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34829" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:41:27Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34829.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34829.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34829", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34829" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454488", "reference_id": "2454488", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454488" }, { "reference_url": "https://github.com/advisories/GHSA-8vqr-qjwx-82mw", "reference_id": "GHSA-8vqr-qjwx-82mw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8vqr-qjwx-82mw" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/188446?format=api", "purl": "pkg:gem/rack@2.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/188447?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/188448?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34829", "GHSA-8vqr-qjwx-82mw" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xrc5-979n-tyfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22565?format=api", "vulnerability_id": "VCID-xz8w-wefz-bffs", "summary": "Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href\n`Rack::Directory` generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename begins with the `javascript:` scheme (e.g. `javascript:alert(1)`), the generated index includes an anchor whose `href` attribute is exactly `javascript:alert(1)`. Clicking this entry executes arbitrary JavaScript in the context of the hosting application.\n\nThis results in a client-side XSS condition in directory listings generated by `Rack::Directory`.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25500.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25500.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07548", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25500" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:42:04Z/" } ], "url": "https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128480", "reference_id": "1128480", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128480" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440738", "reference_id": "2440738", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440738" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25500", "reference_id": "CVE-2026-25500", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25500" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml", "reference_id": "CVE-2026-25500.YML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml" }, { "reference_url": "https://github.com/advisories/GHSA-whrj-4476-wvmp", "reference_id": "GHSA-whrj-4476-wvmp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-whrj-4476-wvmp" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp", "reference_id": "GHSA-whrj-4476-wvmp", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:42:04Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp" }, { "reference_url": "https://usn.ubuntu.com/8066-1/", "reference_id": "USN-8066-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8066-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72855?format=api", "purl": "pkg:gem/rack@2.2.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/72856?format=api", "purl": "pkg:gem/rack@3.1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/72857?format=api", "purl": "pkg:gem/rack@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-fumx-t77w-jyhj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-prpy-7zzn-yuay" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-z8ee-twnu-9yc9" }, { "vulnerability": "VCID-zfk1-4k4w-1ycp" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.5" } ], "aliases": [ "CVE-2026-25500", "GHSA-whrj-4476-wvmp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xz8w-wefz-bffs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/294192?format=api", "vulnerability_id": "VCID-ysap-egn2-5qcu", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32441.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32441.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32441", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26512", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32441" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/" } ], "url": "https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270" }, { "reference_url": "https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/" } ], "url": "https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g" }, { "reference_url": "https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-32441.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-32441.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32441", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32441" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364965", "reference_id": "2364965", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364965" }, { "reference_url": "https://github.com/advisories/GHSA-vpfw-47h7-xj4g", "reference_id": "GHSA-vpfw-47h7-xj4g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vpfw-47h7-xj4g" }, { "reference_url": "https://usn.ubuntu.com/7507-1/", "reference_id": "USN-7507-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7507-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/166050?format=api", "purl": "pkg:gem/rack@2.2.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.14" } ], "aliases": [ "CVE-2025-32441", "GHSA-vpfw-47h7-xj4g" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ysap-egn2-5qcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/166969?format=api", "vulnerability_id": "VCID-zgwm-n3pd-qyh7", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8184.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8184.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8184", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.7454", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8184" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak" }, { "reference_url": "https://hackerone.com/reports/895727", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/895727" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html" }, { "reference_url": "https://usn.ubuntu.com/4561-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4561-1" }, { "reference_url": "https://usn.ubuntu.com/4561-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4561-1/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849141", "reference_id": "1849141", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849141" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963477", "reference_id": "963477", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963477" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8184", "reference_id": "CVE-2020-8184", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8184" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8184.yml", "reference_id": "CVE-2020-8184.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8184.yml" }, { "reference_url": "https://github.com/advisories/GHSA-j6w9-fv6q-3q52", "reference_id": "GHSA-j6w9-fv6q-3q52", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j6w9-fv6q-3q52" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4366", "reference_id": "RHSA-2020:4366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4366" }, { "reference_url": "https://usn.ubuntu.com/4561-2/", "reference_id": "USN-4561-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4561-2/" }, { "reference_url": "https://usn.ubuntu.com/USN-5253-1/", "reference_id": "USN-USN-5253-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5253-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75025?format=api", "purl": "pkg:gem/rack@2.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-nkmg-x715-nyd9" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/75026?format=api", "purl": "pkg:gem/rack@2.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13d1-uyw3-6bb6" }, { "vulnerability": "VCID-1df5-44e8-13fm" }, { "vulnerability": "VCID-3j7s-n3zh-yka7" }, { "vulnerability": "VCID-4tt1-d8fp-5ub7" }, { "vulnerability": "VCID-64cf-ysff-u7bt" }, { "vulnerability": "VCID-7jqg-1whb-4kdw" }, { "vulnerability": "VCID-8qm9-xj5y-wycp" }, { "vulnerability": "VCID-8txn-z2vt-7kex" }, { "vulnerability": "VCID-9qjs-6tck-47bh" }, { "vulnerability": "VCID-9vf4-tu5u-f3en" }, { "vulnerability": "VCID-b83y-urzk-jqey" }, { "vulnerability": "VCID-d4up-ujtj-t7g1" }, { "vulnerability": "VCID-dsxp-jp3h-g3br" }, { "vulnerability": "VCID-e3dc-w7sc-9kaj" }, { "vulnerability": "VCID-et6j-8edn-sfac" }, { "vulnerability": "VCID-f988-s2s1-fuas" }, { "vulnerability": "VCID-gjh6-2gkm-6ubs" }, { "vulnerability": "VCID-jv2b-zg52-cqbm" }, { "vulnerability": "VCID-kake-zbut-cqdk" }, { "vulnerability": "VCID-kjyv-r8rk-rqd3" }, { "vulnerability": "VCID-md6q-ft6s-f7as" }, { "vulnerability": "VCID-peyq-bpa7-zkaj" }, { "vulnerability": "VCID-q17h-k4dc-rka5" }, { "vulnerability": "VCID-qntj-y8n6-buh7" }, { "vulnerability": "VCID-tdz9-czjp-4fcg" }, { "vulnerability": "VCID-tsrj-694r-57dj" }, { "vulnerability": "VCID-u3e3-y6dy-4yc7" }, { "vulnerability": "VCID-wdtk-9kx3-27eg" }, { "vulnerability": "VCID-xrc5-979n-tyfh" }, { "vulnerability": "VCID-xz8w-wefz-bffs" }, { "vulnerability": "VCID-ysap-egn2-5qcu" }, { "vulnerability": "VCID-zrbq-bky2-cfft" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.3" } ], "aliases": [ "CVE-2020-8184", "GHSA-j6w9-fv6q-3q52" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgwm-n3pd-qyh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329786?format=api", "vulnerability_id": "VCID-zrbq-bky2-cfft", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34763.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34763.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12964", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34763" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:41:04Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34763.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34763.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34763", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34763" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454498", "reference_id": "2454498", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454498" }, { "reference_url": "https://github.com/advisories/GHSA-7mqq-6cf9-v2qp", "reference_id": "GHSA-7mqq-6cf9-v2qp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7mqq-6cf9-v2qp" }, { "reference_url": "https://usn.ubuntu.com/8182-1/", "reference_id": "USN-8182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/188446?format=api", "purl": "pkg:gem/rack@2.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/188447?format=api", "purl": "pkg:gem/rack@3.1.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/188448?format=api", "purl": "pkg:gem/rack@3.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6" } ], "aliases": [ "CVE-2026-34763", "GHSA-7mqq-6cf9-v2qp" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zrbq-bky2-cfft" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.2.1" }