Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/ruby-rack@1.4.0-1?distro=trixie

Type deb

Namespace debian

Name ruby-rack

Version 1.4.0-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.4.1-2.1

Latest_non_vulnerable_version 3.2.6-2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-ge4d-a8z8-m3c6

vulnerability_id VCID-ge4d-a8z8-m3c6

summary

Hash Collision Form Parameter Parsing Remote DoS
This package contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.

references

reference_url	http://osvdb.org/show/osvdb/78121
reference_id
reference_type
scores
url	http://osvdb.org/show/osvdb/78121

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5036.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5036.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-5036

reference_id

reference_type

scores

value	0.01278
scoring_system	epss
scoring_elements	0.79537
published_at	2026-04-04T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.7959
published_at	2026-04-21T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79585
published_at	2026-04-18T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79587
published_at	2026-04-16T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79557
published_at	2026-04-13T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79524
published_at	2026-04-07T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79565
published_at	2026-04-12T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79581
published_at	2026-04-11T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79559
published_at	2026-04-09T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79508
published_at	2026-04-01T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79515
published_at	2026-04-02T12:55:00Z

value	0.01278
scoring_system	epss
scoring_elements	0.79552
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-5036

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5036
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5036

reference_url

https://gist.github.com/52bbc6b9cc19ce330829

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gist.github.com/52bbc6b9cc19ce330829

reference_url	https://github.com/rack/rack/commit/09c5e53f11a491c25bef873ed146842f3cd03228
reference_id
reference_type
scores
url	https://github.com/rack/rack/commit/09c5e53f11a491c25bef873ed146842f3cd03228

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2011-5036.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2011-5036.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-5036

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-5036

reference_url

https://web.archive.org/web/20120201040317/http://jruby.org/2011/12/27/jruby-1-6-5-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120201040317/http://jruby.org/2011/12/27/jruby-1-6-5-1

reference_url

https://web.archive.org/web/20130213132312/http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130213132312/http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

reference_url

http://www.debian.org/security/2013/dsa-2783

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2013/dsa-2783

reference_url

http://www.kb.cert.org/vuls/id/903934

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.kb.cert.org/vuls/id/903934

reference_url

http://www.nruns.com/_downloads/advisory28122011.pdf

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.nruns.com/_downloads/advisory28122011.pdf

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653963
reference_id	653963
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653963

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=771149
reference_id	771149
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=771149

reference_url

http://www.ocert.org/advisories/ocert-2011-003.html

reference_id

CVE-2011-4885;OSVDB-78115

reference_type

exploit

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.ocert.org/advisories/ocert-2011-003.html

reference_url

https://github.com/advisories/GHSA-v6j3-7jrw-hq2p

reference_id

GHSA-v6j3-7jrw-hq2p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v6j3-7jrw-hq2p

reference_url	https://security.gentoo.org/glsa/201203-05
reference_id	GLSA-201203-05
reference_type
scores
url	https://security.gentoo.org/glsa/201203-05

fixed_packages

url	pkg:deb/debian/ruby-rack@1.4.0-1?distro=trixie
purl	pkg:deb/debian/ruby-rack@1.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@1.4.0-1%3Fdistro=trixie

url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1j61-5e8x-7fbd

vulnerability	VCID-2p73-rc9t-rudb

vulnerability	VCID-2qba-a6bp-ryak

vulnerability	VCID-5twm-pqc2-xyfn

vulnerability	VCID-dh75-6jyw-1ke2

vulnerability	VCID-j34j-bgfd-8fez

vulnerability	VCID-jg77-mm5c-gydu

vulnerability	VCID-m98a-mcyb-c7fm

vulnerability	VCID-metf-cghw-p3b5

vulnerability	VCID-p3dk-p1gb-kkem

vulnerability	VCID-pbu7-4hdm-s3a6

vulnerability	VCID-pnz8-yes1-pfc7

vulnerability	VCID-wvs1-dhwp-ebat

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1j61-5e8x-7fbd

vulnerability	VCID-2p73-rc9t-rudb

vulnerability	VCID-2qba-a6bp-ryak

vulnerability	VCID-5twm-pqc2-xyfn

vulnerability	VCID-dh75-6jyw-1ke2

vulnerability	VCID-j34j-bgfd-8fez

vulnerability	VCID-jg77-mm5c-gydu

vulnerability	VCID-m98a-mcyb-c7fm

vulnerability	VCID-metf-cghw-p3b5

vulnerability	VCID-p3dk-p1gb-kkem

vulnerability	VCID-pbu7-4hdm-s3a6

vulnerability	VCID-pnz8-yes1-pfc7

vulnerability	VCID-wvs1-dhwp-ebat

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie

purl pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1j61-5e8x-7fbd

vulnerability	VCID-2p73-rc9t-rudb

vulnerability	VCID-2qba-a6bp-ryak

vulnerability	VCID-5twm-pqc2-xyfn

vulnerability	VCID-dh75-6jyw-1ke2

vulnerability	VCID-j34j-bgfd-8fez

vulnerability	VCID-jg77-mm5c-gydu

vulnerability	VCID-m98a-mcyb-c7fm

vulnerability	VCID-metf-cghw-p3b5

vulnerability	VCID-p3dk-p1gb-kkem

vulnerability	VCID-pbu7-4hdm-s3a6

vulnerability	VCID-pnz8-yes1-pfc7

vulnerability	VCID-wvs1-dhwp-ebat

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie

purl pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9rpp-9xss-duf6

vulnerability	VCID-skxv-7he3-xqgc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie

url pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie

purl pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1j61-5e8x-7fbd

vulnerability	VCID-2p73-rc9t-rudb

vulnerability	VCID-2qba-a6bp-ryak

vulnerability	VCID-5twm-pqc2-xyfn

vulnerability	VCID-dh75-6jyw-1ke2

vulnerability	VCID-j34j-bgfd-8fez

vulnerability	VCID-jg77-mm5c-gydu

vulnerability	VCID-m98a-mcyb-c7fm

vulnerability	VCID-metf-cghw-p3b5

vulnerability	VCID-p3dk-p1gb-kkem

vulnerability	VCID-pbu7-4hdm-s3a6

vulnerability	VCID-pnz8-yes1-pfc7

vulnerability	VCID-wvs1-dhwp-ebat

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie

url	pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
purl	pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie

aliases CVE-2011-5036, GHSA-v6j3-7jrw-hq2p, OSV-78121

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ge4d-a8z8-m3c6

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@1.4.0-1%3Fdistro=trixie

Package Instance