Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/ruby-rack@0?distro=trixie
Typedeb
Namespacedebian
Nameruby-rack
Version0
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.4.0-1
Latest_non_vulnerable_version3.2.6-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-7wvj-9h3p-23am
vulnerability_id VCID-7wvj-9h3p-23am
summary 
ReDoS Vulnerability in Rack::Multipart handle_mime_head
### Summary
There is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571.

### Details

Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

### Credits

Thanks to [scyoon](https://hackerone.com/scyoon) for reporting this to the Rails security team
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49007
reference_id
reference_type
scores
0
value 0.00569
scoring_system epss
scoring_elements 0.68589
published_at 2026-04-21T12:55:00Z
1
value 0.00569
scoring_system epss
scoring_elements 0.68611
published_at 2026-04-18T12:55:00Z
2
value 0.00569
scoring_system epss
scoring_elements 0.686
published_at 2026-04-16T12:55:00Z
3
value 0.00569
scoring_system epss
scoring_elements 0.6856
published_at 2026-04-13T12:55:00Z
4
value 0.00569
scoring_system epss
scoring_elements 0.6859
published_at 2026-04-12T12:55:00Z
5
value 0.00569
scoring_system epss
scoring_elements 0.68602
published_at 2026-04-11T12:55:00Z
6
value 0.00569
scoring_system epss
scoring_elements 0.68576
published_at 2026-04-09T12:55:00Z
7
value 0.00569
scoring_system epss
scoring_elements 0.68558
published_at 2026-04-08T12:55:00Z
8
value 0.00569
scoring_system epss
scoring_elements 0.68507
published_at 2026-04-07T12:55:00Z
9
value 0.00569
scoring_system epss
scoring_elements 0.6851
published_at 2026-04-02T12:55:00Z
10
value 0.00569
scoring_system epss
scoring_elements 0.68528
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49007
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
4
reference_url https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/
url https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f
5
reference_url https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/
url https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901
6
reference_url https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/
url https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49007
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49007
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107363
reference_id 1107363
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107363
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2370346
reference_id 2370346
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2370346
11
reference_url https://github.com/advisories/GHSA-47m2-26rw-j2jw
reference_id GHSA-47m2-26rw-j2jw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-47m2-26rw-j2jw
fixed_packages
0
url pkg:deb/debian/ruby-rack@0?distro=trixie
purl pkg:deb/debian/ruby-rack@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@0%3Fdistro=trixie
1
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-rack@3.1.16-0.1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.16-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.16-0.1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9rpp-9xss-duf6
1
vulnerability VCID-skxv-7he3-xqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie
6
url pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie
7
url pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie
aliases CVE-2025-49007, GHSA-47m2-26rw-j2jw
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7wvj-9h3p-23am
1
url VCID-stpq-7qys-t3cf
vulnerability_id VCID-stpq-7qys-t3cf
summary 
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
### Summary

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the `Rack::Request::Helpers` module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted `Accept-Encoding` or `Accept-Language` headers, causing the server to spend excessive time processing the request and leading to a Denial of Service (DoS).

### Details

The fix for https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f was not applied to the main branch and thus while the issue was fixed for the Rack v3.0 release series, it was not fixed in the v3.1 release series until v3.1.5.
references
0
reference_url https://advisory.dw1.io/61
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://advisory.dw1.io/61
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39316
reference_id
reference_type
scores
0
value 0.00833
scoring_system epss
scoring_elements 0.74633
published_at 2026-04-18T12:55:00Z
1
value 0.00833
scoring_system epss
scoring_elements 0.74626
published_at 2026-04-16T12:55:00Z
2
value 0.00833
scoring_system epss
scoring_elements 0.74588
published_at 2026-04-13T12:55:00Z
3
value 0.00833
scoring_system epss
scoring_elements 0.74597
published_at 2026-04-12T12:55:00Z
4
value 0.00833
scoring_system epss
scoring_elements 0.74617
published_at 2026-04-11T12:55:00Z
5
value 0.00833
scoring_system epss
scoring_elements 0.74594
published_at 2026-04-09T12:55:00Z
6
value 0.00833
scoring_system epss
scoring_elements 0.74579
published_at 2026-04-08T12:55:00Z
7
value 0.00833
scoring_system epss
scoring_elements 0.74547
published_at 2026-04-07T12:55:00Z
8
value 0.00833
scoring_system epss
scoring_elements 0.74572
published_at 2026-04-04T12:55:00Z
9
value 0.00833
scoring_system epss
scoring_elements 0.74546
published_at 2026-04-02T12:55:00Z
10
value 0.00833
scoring_system epss
scoring_elements 0.74624
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39316
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
4
reference_url https://github.com/rack/rack/commit/412c980450ca729ee37f90a2661f166a9665e058
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:50:23Z/
url https://github.com/rack/rack/commit/412c980450ca729ee37f90a2661f166a9665e058
5
reference_url https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:50:23Z/
url https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f
6
reference_url https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:50:23Z/
url https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-39316.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-39316.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39316
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39316
9
reference_url https://github.com/advisories/GHSA-cj83-2ww7-mvq7
reference_id GHSA-cj83-2ww7-mvq7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cj83-2ww7-mvq7
fixed_packages
0
url pkg:deb/debian/ruby-rack@0?distro=trixie
purl pkg:deb/debian/ruby-rack@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@0%3Fdistro=trixie
1
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9rpp-9xss-duf6
1
vulnerability VCID-skxv-7he3-xqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie
6
url pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie
aliases CVE-2024-39316, GHSA-cj83-2ww7-mvq7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-stpq-7qys-t3cf
2
url VCID-sw69-1r7d-kkht
vulnerability_id VCID-sw69-1r7d-kkht
summary 
Uncontrolled Resource Consumption
There is a possible DoS vulnerability in the multipart parser in Rack. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3172
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3172
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16470.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16470.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16470
reference_id
reference_type
scores
0
value 0.00177
scoring_system epss
scoring_elements 0.3932
published_at 2026-04-16T12:55:00Z
1
value 0.00177
scoring_system epss
scoring_elements 0.39267
published_at 2026-04-13T12:55:00Z
2
value 0.00177
scoring_system epss
scoring_elements 0.39285
published_at 2026-04-12T12:55:00Z
3
value 0.00177
scoring_system epss
scoring_elements 0.39324
published_at 2026-04-11T12:55:00Z
4
value 0.00177
scoring_system epss
scoring_elements 0.39312
published_at 2026-04-09T12:55:00Z
5
value 0.00177
scoring_system epss
scoring_elements 0.39296
published_at 2026-04-08T12:55:00Z
6
value 0.00177
scoring_system epss
scoring_elements 0.39241
published_at 2026-04-07T12:55:00Z
7
value 0.00177
scoring_system epss
scoring_elements 0.39327
published_at 2026-04-04T12:55:00Z
8
value 0.00177
scoring_system epss
scoring_elements 0.39303
published_at 2026-04-02T12:55:00Z
9
value 0.00177
scoring_system epss
scoring_elements 0.39117
published_at 2026-04-01T12:55:00Z
10
value 0.00177
scoring_system epss
scoring_elements 0.39202
published_at 2026-04-21T12:55:00Z
11
value 0.00177
scoring_system epss
scoring_elements 0.3929
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16470
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16470.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16470.yml
6
reference_url https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ
7
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1646814
reference_id 1646814
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1646814
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913003
reference_id 913003
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913003
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16470
reference_id CVE-2018-16470
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16470
11
reference_url https://github.com/advisories/GHSA-hg78-4f6x-99wq
reference_id GHSA-hg78-4f6x-99wq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hg78-4f6x-99wq
fixed_packages
0
url pkg:deb/debian/ruby-rack@0?distro=trixie
purl pkg:deb/debian/ruby-rack@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@0%3Fdistro=trixie
1
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9rpp-9xss-duf6
1
vulnerability VCID-skxv-7he3-xqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie
6
url pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie
aliases CVE-2018-16470, GHSA-hg78-4f6x-99wq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sw69-1r7d-kkht
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@0%3Fdistro=trixie