Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/ruby-rack@2.2.6.4-1?distro=trixie
Typedeb
Namespacedebian
Nameruby-rack
Version2.2.6.4-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.2.6.4-1+deb12u1
Latest_non_vulnerable_version3.2.6-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-fpg2-nhey-rkcc
vulnerability_id VCID-fpg2-nhey-rkcc
summary 
Rack has possible DoS Vulnerability in Multipart MIME parsing
There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530.

Versions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3

# Impact
The Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected.

All users running an affected release should either upgrade or use one of the workarounds immediately.

# Workarounds
A proxy can be configured to limit the POST body size which will mitigate this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27530.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27530.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27530
reference_id
reference_type
scores
0
value 0.0209
scoring_system epss
scoring_elements 0.8399
published_at 2026-04-04T12:55:00Z
1
value 0.0209
scoring_system epss
scoring_elements 0.83975
published_at 2026-04-02T12:55:00Z
2
value 0.02133
scoring_system epss
scoring_elements 0.84204
published_at 2026-04-16T12:55:00Z
3
value 0.02133
scoring_system epss
scoring_elements 0.84183
published_at 2026-04-13T12:55:00Z
4
value 0.02133
scoring_system epss
scoring_elements 0.84186
published_at 2026-04-12T12:55:00Z
5
value 0.02133
scoring_system epss
scoring_elements 0.84192
published_at 2026-04-11T12:55:00Z
6
value 0.02133
scoring_system epss
scoring_elements 0.84208
published_at 2026-04-21T12:55:00Z
7
value 0.02133
scoring_system epss
scoring_elements 0.84205
published_at 2026-04-18T12:55:00Z
8
value 0.02311
scoring_system epss
scoring_elements 0.84757
published_at 2026-04-08T12:55:00Z
9
value 0.02311
scoring_system epss
scoring_elements 0.84734
published_at 2026-04-07T12:55:00Z
10
value 0.02311
scoring_system epss
scoring_elements 0.84763
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27530
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539
9
reference_url https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/
url https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
12
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html
13
reference_url https://security.netapp.com/advisory/ntap-20231208-0015
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231208-0015
14
reference_url https://www.debian.org/security/2023/dsa-5530
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/
url https://www.debian.org/security/2023/dsa-5530
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032803
reference_id 1032803
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032803
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2176477
reference_id 2176477
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2176477
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27530
reference_id CVE-2023-27530
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27530
18
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27530.yml
reference_id CVE-2023-27530.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27530.yml
19
reference_url https://github.com/advisories/GHSA-3h57-hmj3-gj3p
reference_id GHSA-3h57-hmj3-gj3p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3h57-hmj3-gj3p
20
reference_url https://security.netapp.com/advisory/ntap-20231208-0015/
reference_id ntap-20231208-0015
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/
url https://security.netapp.com/advisory/ntap-20231208-0015/
21
reference_url https://access.redhat.com/errata/RHSA-2023:1961
reference_id RHSA-2023:1961
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1961
22
reference_url https://access.redhat.com/errata/RHSA-2023:1981
reference_id RHSA-2023:1981
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1981
23
reference_url https://access.redhat.com/errata/RHSA-2023:2652
reference_id RHSA-2023:2652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2652
24
reference_url https://access.redhat.com/errata/RHSA-2023:3082
reference_id RHSA-2023:3082
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3082
25
reference_url https://access.redhat.com/errata/RHSA-2023:3403
reference_id RHSA-2023:3403
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3403
26
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
27
reference_url https://usn.ubuntu.com/6837-1/
reference_id USN-6837-1
reference_type
scores
url https://usn.ubuntu.com/6837-1/
28
reference_url https://usn.ubuntu.com/6905-1/
reference_id USN-6905-1
reference_type
scores
url https://usn.ubuntu.com/6905-1/
29
reference_url https://usn.ubuntu.com/7036-1/
reference_id USN-7036-1
reference_type
scores
url https://usn.ubuntu.com/7036-1/
fixed_packages
0
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-rack@2.2.6.4-1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.2.6.4-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.6.4-1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9rpp-9xss-duf6
1
vulnerability VCID-skxv-7he3-xqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie
6
url pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie
7
url pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie
aliases CVE-2023-27530, GHSA-3h57-hmj3-gj3p, GMS-2023-663
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fpg2-nhey-rkcc
1
url VCID-xkah-9nv9-wufd
vulnerability_id VCID-xkah-9nv9-wufd
summary 
Possible Denial of Service Vulnerability in Rack’s header parsing
There is a denial of service vulnerability in the header parsing component of Rack. Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted. Workarounds Setting `Regexp.timeout` in Ruby 3.2 is a possible workaround.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27539.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27539.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27539
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.55815
published_at 2026-04-04T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.55793
published_at 2026-04-02T12:55:00Z
2
value 0.00335
scoring_system epss
scoring_elements 0.56406
published_at 2026-04-16T12:55:00Z
3
value 0.00335
scoring_system epss
scoring_elements 0.56374
published_at 2026-04-13T12:55:00Z
4
value 0.00335
scoring_system epss
scoring_elements 0.56392
published_at 2026-04-12T12:55:00Z
5
value 0.00335
scoring_system epss
scoring_elements 0.56416
published_at 2026-04-11T12:55:00Z
6
value 0.00335
scoring_system epss
scoring_elements 0.56377
published_at 2026-04-21T12:55:00Z
7
value 0.00335
scoring_system epss
scoring_elements 0.56407
published_at 2026-04-18T12:55:00Z
8
value 0.00364
scoring_system epss
scoring_elements 0.58481
published_at 2026-04-08T12:55:00Z
9
value 0.00364
scoring_system epss
scoring_elements 0.58428
published_at 2026-04-07T12:55:00Z
10
value 0.00364
scoring_system epss
scoring_elements 0.58487
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27539
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539
9
reference_url https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/
url https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
12
reference_url https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/
url https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c
13
reference_url https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/
url https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff
14
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html
15
reference_url https://security.netapp.com/advisory/ntap-20231208-0016
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231208-0016
16
reference_url https://www.debian.org/security/2023/dsa-5530
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/
url https://www.debian.org/security/2023/dsa-5530
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033264
reference_id 1033264
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033264
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2179649
reference_id 2179649
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2179649
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27539
reference_id CVE-2023-27539
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27539
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml
reference_id CVE-2023-27539.YML
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml
21
reference_url https://github.com/advisories/GHSA-c6qg-cjj8-47qp
reference_id GHSA-c6qg-cjj8-47qp
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/
url https://github.com/advisories/GHSA-c6qg-cjj8-47qp
22
reference_url https://security.netapp.com/advisory/ntap-20231208-0016/
reference_id ntap-20231208-0016
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/
url https://security.netapp.com/advisory/ntap-20231208-0016/
23
reference_url https://access.redhat.com/errata/RHSA-2023:1953
reference_id RHSA-2023:1953
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1953
24
reference_url https://access.redhat.com/errata/RHSA-2023:1961
reference_id RHSA-2023:1961
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1961
25
reference_url https://access.redhat.com/errata/RHSA-2023:1981
reference_id RHSA-2023:1981
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1981
26
reference_url https://access.redhat.com/errata/RHSA-2023:2652
reference_id RHSA-2023:2652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2652
27
reference_url https://access.redhat.com/errata/RHSA-2023:3082
reference_id RHSA-2023:3082
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3082
28
reference_url https://access.redhat.com/errata/RHSA-2023:3403
reference_id RHSA-2023:3403
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3403
29
reference_url https://access.redhat.com/errata/RHSA-2023:3495
reference_id RHSA-2023:3495
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3495
30
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
31
reference_url https://usn.ubuntu.com/6689-1/
reference_id USN-6689-1
reference_type
scores
url https://usn.ubuntu.com/6689-1/
32
reference_url https://usn.ubuntu.com/6905-1/
reference_id USN-6905-1
reference_type
scores
url https://usn.ubuntu.com/6905-1/
33
reference_url https://usn.ubuntu.com/7036-1/
reference_id USN-7036-1
reference_type
scores
url https://usn.ubuntu.com/7036-1/
fixed_packages
0
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-rack@2.2.6.4-1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.2.6.4-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.6.4-1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9rpp-9xss-duf6
1
vulnerability VCID-skxv-7he3-xqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie
6
url pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie
7
url pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie
aliases CVE-2023-27539, GHSA-c6qg-cjj8-47qp, GMS-2023-769
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xkah-9nv9-wufd
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.6.4-1%3Fdistro=trixie