Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie
Typedeb
Namespacedebian
Nameruby-rack
Version2.1.4-3+deb11u4
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.1.4-3+deb11u5
Latest_non_vulnerable_version3.2.6-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-47ja-djzb-2bbw
vulnerability_id VCID-47ja-djzb-2bbw
summary 
Rack has an Unbounded-Parameter DoS in Rack::QueryParser
## Summary

`Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters.

## Details

The vulnerability arises because `Rack::QueryParser` iterates over each `&`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing.

## Impact

An attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted.

## Mitigation

- Update to a version of Rack that limits the number of parameters parsed, or
- Use middleware to enforce a maximum query string size or parameter count, or
- Employ a reverse proxy (such as Nginx) to limit request sizes and reject oversized query strings or bodies.

Limiting request body sizes and query string lengths at the web server or CDN level is an effective mitigation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46727
reference_id
reference_type
scores
0
value 0.00808
scoring_system epss
scoring_elements 0.74241
published_at 2026-04-21T12:55:00Z
1
value 0.00808
scoring_system epss
scoring_elements 0.74158
published_at 2026-04-02T12:55:00Z
2
value 0.00808
scoring_system epss
scoring_elements 0.74185
published_at 2026-04-04T12:55:00Z
3
value 0.00808
scoring_system epss
scoring_elements 0.74157
published_at 2026-04-07T12:55:00Z
4
value 0.00808
scoring_system epss
scoring_elements 0.7419
published_at 2026-04-08T12:55:00Z
5
value 0.00808
scoring_system epss
scoring_elements 0.74205
published_at 2026-04-09T12:55:00Z
6
value 0.00808
scoring_system epss
scoring_elements 0.74227
published_at 2026-04-11T12:55:00Z
7
value 0.00808
scoring_system epss
scoring_elements 0.74209
published_at 2026-04-12T12:55:00Z
8
value 0.00808
scoring_system epss
scoring_elements 0.74202
published_at 2026-04-13T12:55:00Z
9
value 0.00808
scoring_system epss
scoring_elements 0.74239
published_at 2026-04-16T12:55:00Z
10
value 0.00808
scoring_system epss
scoring_elements 0.74249
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46727
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712
6
reference_url https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3
7
reference_url https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/
url https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46727
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46727
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927
reference_id 1104927
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2364966
reference_id 2364966
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2364966
13
reference_url https://github.com/advisories/GHSA-gjh7-p2fx-99vx
reference_id GHSA-gjh7-p2fx-99vx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gjh7-p2fx-99vx
14
reference_url https://access.redhat.com/errata/RHSA-2025:7604
reference_id RHSA-2025:7604
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7604
15
reference_url https://access.redhat.com/errata/RHSA-2025:7605
reference_id RHSA-2025:7605
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7605
16
reference_url https://access.redhat.com/errata/RHSA-2025:8254
reference_id RHSA-2025:8254
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8254
17
reference_url https://access.redhat.com/errata/RHSA-2025:8256
reference_id RHSA-2025:8256
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8256
18
reference_url https://access.redhat.com/errata/RHSA-2025:8279
reference_id RHSA-2025:8279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8279
19
reference_url https://access.redhat.com/errata/RHSA-2025:8288
reference_id RHSA-2025:8288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8288
20
reference_url https://access.redhat.com/errata/RHSA-2025:8289
reference_id RHSA-2025:8289
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8289
21
reference_url https://access.redhat.com/errata/RHSA-2025:8290
reference_id RHSA-2025:8290
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8290
22
reference_url https://access.redhat.com/errata/RHSA-2025:8291
reference_id RHSA-2025:8291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8291
23
reference_url https://access.redhat.com/errata/RHSA-2025:8319
reference_id RHSA-2025:8319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8319
24
reference_url https://access.redhat.com/errata/RHSA-2025:8322
reference_id RHSA-2025:8322
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8322
25
reference_url https://access.redhat.com/errata/RHSA-2025:8323
reference_id RHSA-2025:8323
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8323
26
reference_url https://access.redhat.com/errata/RHSA-2025:9838
reference_id RHSA-2025:9838
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9838
27
reference_url https://usn.ubuntu.com/7507-1/
reference_id USN-7507-1
reference_type
scores
url https://usn.ubuntu.com/7507-1/
fixed_packages
0
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-rack@3.1.16-0.1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.16-0.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.16-0.1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9rpp-9xss-duf6
1
vulnerability VCID-skxv-7he3-xqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie
6
url pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie
7
url pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie
aliases CVE-2025-46727, GHSA-gjh7-p2fx-99vx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-47ja-djzb-2bbw
1
url VCID-azu5-jcmd-3ufx
vulnerability_id VCID-azu5-jcmd-3ufx
summary 
Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
`Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61772
reference_id
reference_type
scores
0
value 0.00193
scoring_system epss
scoring_elements 0.4118
published_at 2026-04-21T12:55:00Z
1
value 0.00193
scoring_system epss
scoring_elements 0.41252
published_at 2026-04-18T12:55:00Z
2
value 0.00193
scoring_system epss
scoring_elements 0.41281
published_at 2026-04-16T12:55:00Z
3
value 0.00193
scoring_system epss
scoring_elements 0.41238
published_at 2026-04-13T12:55:00Z
4
value 0.00193
scoring_system epss
scoring_elements 0.41251
published_at 2026-04-12T12:55:00Z
5
value 0.00193
scoring_system epss
scoring_elements 0.41283
published_at 2026-04-11T12:55:00Z
6
value 0.00193
scoring_system epss
scoring_elements 0.41261
published_at 2026-04-09T12:55:00Z
7
value 0.00193
scoring_system epss
scoring_elements 0.41253
published_at 2026-04-08T12:55:00Z
8
value 0.00193
scoring_system epss
scoring_elements 0.41203
published_at 2026-04-07T12:55:00Z
9
value 0.00193
scoring_system epss
scoring_elements 0.41278
published_at 2026-04-04T12:55:00Z
10
value 0.00193
scoring_system epss
scoring_elements 0.41249
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61772
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/
url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
6
reference_url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/
url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
7
reference_url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/
url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627
reference_id 1117627
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402200
reference_id 2402200
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2402200
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61772
reference_id CVE-2025-61772
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61772
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml
reference_id CVE-2025-61772.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml
12
reference_url https://github.com/advisories/GHSA-wpv5-97wm-hp9c
reference_id GHSA-wpv5-97wm-hp9c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wpv5-97wm-hp9c
13
reference_url https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
reference_id GHSA-wpv5-97wm-hp9c
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/
url https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
14
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
15
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
16
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
17
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
18
reference_url https://access.redhat.com/errata/RHSA-2025:19733
reference_id RHSA-2025:19733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19733
19
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
20
reference_url https://access.redhat.com/errata/RHSA-2025:19736
reference_id RHSA-2025:19736
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19736
21
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
22
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
23
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
24
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
25
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9rpp-9xss-duf6
1
vulnerability VCID-skxv-7he3-xqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie
6
url pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie
aliases CVE-2025-61772, GHSA-wpv5-97wm-hp9c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azu5-jcmd-3ufx
2
url VCID-c5sc-7qnn-mkb9
vulnerability_id VCID-c5sc-7qnn-mkb9
summary 
Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
`Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61771
reference_id
reference_type
scores
0
value 0.00098
scoring_system epss
scoring_elements 0.26937
published_at 2026-04-21T12:55:00Z
1
value 0.00098
scoring_system epss
scoring_elements 0.26999
published_at 2026-04-16T12:55:00Z
2
value 0.00098
scoring_system epss
scoring_elements 0.2699
published_at 2026-04-13T12:55:00Z
3
value 0.00098
scoring_system epss
scoring_elements 0.27047
published_at 2026-04-12T12:55:00Z
4
value 0.00098
scoring_system epss
scoring_elements 0.27091
published_at 2026-04-11T12:55:00Z
5
value 0.00098
scoring_system epss
scoring_elements 0.27087
published_at 2026-04-09T12:55:00Z
6
value 0.00098
scoring_system epss
scoring_elements 0.27042
published_at 2026-04-08T12:55:00Z
7
value 0.00098
scoring_system epss
scoring_elements 0.26973
published_at 2026-04-18T12:55:00Z
8
value 0.00098
scoring_system epss
scoring_elements 0.27182
published_at 2026-04-04T12:55:00Z
9
value 0.00098
scoring_system epss
scoring_elements 0.27146
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61771
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/
url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
6
reference_url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/
url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
7
reference_url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/
url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628
reference_id 1117628
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402175
reference_id 2402175
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2402175
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61771
reference_id CVE-2025-61771
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61771
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml
reference_id CVE-2025-61771.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml
12
reference_url https://github.com/advisories/GHSA-w9pc-fmgc-vxvw
reference_id GHSA-w9pc-fmgc-vxvw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9pc-fmgc-vxvw
13
reference_url https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
reference_id GHSA-w9pc-fmgc-vxvw
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/
url https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
14
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
15
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
16
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
17
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
18
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
19
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
20
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
21
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
22
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
23
reference_url https://access.redhat.com/errata/RHSA-2025:21696
reference_id RHSA-2025:21696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21696
24
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9rpp-9xss-duf6
1
vulnerability VCID-skxv-7he3-xqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie
6
url pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie
aliases CVE-2025-61771, GHSA-w9pc-fmgc-vxvw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c5sc-7qnn-mkb9
3
url VCID-d58r-22kr-9bct
vulnerability_id VCID-d58r-22kr-9bct
summary 
Rack has a Possible Information Disclosure Vulnerability
A possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially crafted headers could cause `Rack::Sendfile` to miscommunicate with the proxy and trigger unintended internal requests, potentially bypassing proxy-level access restrictions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61780
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10369
published_at 2026-04-21T12:55:00Z
1
value 0.00035
scoring_system epss
scoring_elements 0.10238
published_at 2026-04-18T12:55:00Z
2
value 0.00035
scoring_system epss
scoring_elements 0.10267
published_at 2026-04-16T12:55:00Z
3
value 0.00035
scoring_system epss
scoring_elements 0.10396
published_at 2026-04-13T12:55:00Z
4
value 0.00035
scoring_system epss
scoring_elements 0.10418
published_at 2026-04-12T12:55:00Z
5
value 0.00035
scoring_system epss
scoring_elements 0.10462
published_at 2026-04-11T12:55:00Z
6
value 0.00035
scoring_system epss
scoring_elements 0.10434
published_at 2026-04-09T12:55:00Z
7
value 0.00035
scoring_system epss
scoring_elements 0.10368
published_at 2026-04-08T12:55:00Z
8
value 0.00035
scoring_system epss
scoring_elements 0.10294
published_at 2026-04-07T12:55:00Z
9
value 0.00035
scoring_system epss
scoring_elements 0.10394
published_at 2026-04-04T12:55:00Z
10
value 0.00035
scoring_system epss
scoring_elements 0.10328
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61780
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61780
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61780
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/
url https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784
6
reference_url https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/
url https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a
7
reference_url https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/
url https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855
reference_id 1117855
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403126
reference_id 2403126
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403126
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61780
reference_id CVE-2025-61780
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61780
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml
reference_id CVE-2025-61780.YML
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml
12
reference_url https://github.com/advisories/GHSA-r657-rxjc-j557
reference_id GHSA-r657-rxjc-j557
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r657-rxjc-j557
13
reference_url https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
reference_id GHSA-r657-rxjc-j557
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements
1
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/
url https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
14
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9rpp-9xss-duf6
1
vulnerability VCID-skxv-7he3-xqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie
6
url pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie
aliases CVE-2025-61780, GHSA-r657-rxjc-j557
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d58r-22kr-9bct
4
url VCID-gdhf-e8q1-kbat
vulnerability_id VCID-gdhf-e8q1-kbat
summary 
Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters
`Rack::QueryParser` in version `< 2.2.18` enforces its `params_limit` only for parameters separated by `&`, while still splitting on both `&` and `;`. As a result, attackers could use `;` separators to bypass the parameter count limit and submit more parameters than intended.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59830.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59830.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59830
reference_id
reference_type
scores
0
value 0.00069
scoring_system epss
scoring_elements 0.21392
published_at 2026-04-04T12:55:00Z
1
value 0.00069
scoring_system epss
scoring_elements 0.21287
published_at 2026-04-09T12:55:00Z
2
value 0.00069
scoring_system epss
scoring_elements 0.21337
published_at 2026-04-02T12:55:00Z
3
value 0.00069
scoring_system epss
scoring_elements 0.21225
published_at 2026-04-08T12:55:00Z
4
value 0.00069
scoring_system epss
scoring_elements 0.21145
published_at 2026-04-07T12:55:00Z
5
value 0.00069
scoring_system epss
scoring_elements 0.21206
published_at 2026-04-18T12:55:00Z
6
value 0.00069
scoring_system epss
scoring_elements 0.21196
published_at 2026-04-16T12:55:00Z
7
value 0.00069
scoring_system epss
scoring_elements 0.21203
published_at 2026-04-13T12:55:00Z
8
value 0.00069
scoring_system epss
scoring_elements 0.21256
published_at 2026-04-12T12:55:00Z
9
value 0.00069
scoring_system epss
scoring_elements 0.21297
published_at 2026-04-11T12:55:00Z
10
value 0.00074
scoring_system epss
scoring_elements 0.22371
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59830
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59830
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59830
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-25T16:14:17Z/
url https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116431
reference_id 1116431
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116431
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2398167
reference_id 2398167
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2398167
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59830
reference_id CVE-2025-59830
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59830
9
reference_url https://github.com/advisories/GHSA-625h-95r8-8xpm
reference_id GHSA-625h-95r8-8xpm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-625h-95r8-8xpm
10
reference_url https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm
reference_id GHSA-625h-95r8-8xpm
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-25T16:14:17Z/
url https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm
11
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
12
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
13
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
14
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
15
reference_url https://access.redhat.com/errata/RHSA-2025:19733
reference_id RHSA-2025:19733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19733
16
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
17
reference_url https://access.redhat.com/errata/RHSA-2025:19736
reference_id RHSA-2025:19736
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19736
18
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
19
reference_url https://access.redhat.com/errata/RHSA-2025:19832
reference_id RHSA-2025:19832
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19832
20
reference_url https://access.redhat.com/errata/RHSA-2025:19855
reference_id RHSA-2025:19855
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19855
21
reference_url https://access.redhat.com/errata/RHSA-2025:19856
reference_id RHSA-2025:19856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19856
22
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
23
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
24
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
25
reference_url https://usn.ubuntu.com/7784-1/
reference_id USN-7784-1
reference_type
scores
url https://usn.ubuntu.com/7784-1/
26
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-rack@3.0.8-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.0.8-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.0.8-2%3Fdistro=trixie
4
url pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9rpp-9xss-duf6
1
vulnerability VCID-skxv-7he3-xqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie
6
url pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie
7
url pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie
aliases CVE-2025-59830, GHSA-625h-95r8-8xpm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdhf-e8q1-kbat
5
url VCID-npag-sz7d-v7b6
vulnerability_id VCID-npag-sz7d-v7b6
summary 
Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
`Rack::Multipart::Parser` buffers the entire multipart **preamble** (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61770
reference_id
reference_type
scores
0
value 0.00158
scoring_system epss
scoring_elements 0.36663
published_at 2026-04-21T12:55:00Z
1
value 0.00158
scoring_system epss
scoring_elements 0.36723
published_at 2026-04-18T12:55:00Z
2
value 0.00158
scoring_system epss
scoring_elements 0.3674
published_at 2026-04-16T12:55:00Z
3
value 0.00158
scoring_system epss
scoring_elements 0.36695
published_at 2026-04-13T12:55:00Z
4
value 0.00158
scoring_system epss
scoring_elements 0.36721
published_at 2026-04-12T12:55:00Z
5
value 0.00158
scoring_system epss
scoring_elements 0.36756
published_at 2026-04-11T12:55:00Z
6
value 0.00158
scoring_system epss
scoring_elements 0.36747
published_at 2026-04-09T12:55:00Z
7
value 0.00158
scoring_system epss
scoring_elements 0.3673
published_at 2026-04-08T12:55:00Z
8
value 0.00158
scoring_system epss
scoring_elements 0.3668
published_at 2026-04-07T12:55:00Z
9
value 0.00158
scoring_system epss
scoring_elements 0.36844
published_at 2026-04-04T12:55:00Z
10
value 0.00158
scoring_system epss
scoring_elements 0.36812
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61770
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/
url https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e
6
reference_url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/
url https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e
7
reference_url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/
url https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627
reference_id 1117627
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402174
reference_id 2402174
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2402174
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61770
reference_id CVE-2025-61770
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61770
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml
reference_id CVE-2025-61770.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml
12
reference_url https://github.com/advisories/GHSA-p543-xpfm-54cp
reference_id GHSA-p543-xpfm-54cp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p543-xpfm-54cp
13
reference_url https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
reference_id GHSA-p543-xpfm-54cp
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/
url https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
14
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
15
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
16
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
17
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
18
reference_url https://access.redhat.com/errata/RHSA-2025:19733
reference_id RHSA-2025:19733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19733
19
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
20
reference_url https://access.redhat.com/errata/RHSA-2025:19736
reference_id RHSA-2025:19736
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19736
21
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
22
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
23
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
24
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
25
reference_url https://access.redhat.com/errata/RHSA-2025:21696
reference_id RHSA-2025:21696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21696
26
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9rpp-9xss-duf6
1
vulnerability VCID-skxv-7he3-xqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie
6
url pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie
aliases CVE-2025-61770, GHSA-p543-xpfm-54cp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-npag-sz7d-v7b6
6
url VCID-s971-gkdg-jkhc
vulnerability_id VCID-s971-gkdg-jkhc
summary 
Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
`Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61919
reference_id
reference_type
scores
0
value 0.00221
scoring_system epss
scoring_elements 0.44713
published_at 2026-04-21T12:55:00Z
1
value 0.00221
scoring_system epss
scoring_elements 0.44784
published_at 2026-04-18T12:55:00Z
2
value 0.00221
scoring_system epss
scoring_elements 0.44791
published_at 2026-04-16T12:55:00Z
3
value 0.00221
scoring_system epss
scoring_elements 0.44737
published_at 2026-04-13T12:55:00Z
4
value 0.00221
scoring_system epss
scoring_elements 0.44735
published_at 2026-04-12T12:55:00Z
5
value 0.00221
scoring_system epss
scoring_elements 0.44767
published_at 2026-04-11T12:55:00Z
6
value 0.00221
scoring_system epss
scoring_elements 0.4475
published_at 2026-04-09T12:55:00Z
7
value 0.00221
scoring_system epss
scoring_elements 0.44748
published_at 2026-04-08T12:55:00Z
8
value 0.00221
scoring_system epss
scoring_elements 0.44695
published_at 2026-04-07T12:55:00Z
9
value 0.00221
scoring_system epss
scoring_elements 0.44756
published_at 2026-04-04T12:55:00Z
10
value 0.00221
scoring_system epss
scoring_elements 0.44736
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61919
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/
url https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881
6
reference_url https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/
url https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db
7
reference_url https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/
url https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856
reference_id 1117856
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403180
reference_id 2403180
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403180
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61919
reference_id CVE-2025-61919
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61919
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml
reference_id CVE-2025-61919.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml
12
reference_url https://github.com/advisories/GHSA-6xw4-3v39-52mm
reference_id GHSA-6xw4-3v39-52mm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xw4-3v39-52mm
13
reference_url https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm
reference_id GHSA-6xw4-3v39-52mm
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/
url https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm
14
reference_url https://access.redhat.com/errata/RHSA-2025:19512
reference_id RHSA-2025:19512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19512
15
reference_url https://access.redhat.com/errata/RHSA-2025:19513
reference_id RHSA-2025:19513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19513
16
reference_url https://access.redhat.com/errata/RHSA-2025:19647
reference_id RHSA-2025:19647
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19647
17
reference_url https://access.redhat.com/errata/RHSA-2025:19719
reference_id RHSA-2025:19719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19719
18
reference_url https://access.redhat.com/errata/RHSA-2025:19733
reference_id RHSA-2025:19733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19733
19
reference_url https://access.redhat.com/errata/RHSA-2025:19734
reference_id RHSA-2025:19734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19734
20
reference_url https://access.redhat.com/errata/RHSA-2025:19736
reference_id RHSA-2025:19736
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19736
21
reference_url https://access.redhat.com/errata/RHSA-2025:19800
reference_id RHSA-2025:19800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19800
22
reference_url https://access.redhat.com/errata/RHSA-2025:19832
reference_id RHSA-2025:19832
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19832
23
reference_url https://access.redhat.com/errata/RHSA-2025:19855
reference_id RHSA-2025:19855
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19855
24
reference_url https://access.redhat.com/errata/RHSA-2025:19856
reference_id RHSA-2025:19856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19856
25
reference_url https://access.redhat.com/errata/RHSA-2025:19948
reference_id RHSA-2025:19948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19948
26
reference_url https://access.redhat.com/errata/RHSA-2025:20962
reference_id RHSA-2025:20962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20962
27
reference_url https://access.redhat.com/errata/RHSA-2025:21036
reference_id RHSA-2025:21036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21036
28
reference_url https://access.redhat.com/errata/RHSA-2025:21696
reference_id RHSA-2025:21696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21696
29
reference_url https://usn.ubuntu.com/7960-1/
reference_id USN-7960-1
reference_type
scores
url https://usn.ubuntu.com/7960-1/
fixed_packages
0
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9rpp-9xss-duf6
1
vulnerability VCID-skxv-7he3-xqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie
6
url pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie
aliases CVE-2025-61919, GHSA-6xw4-3v39-52mm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s971-gkdg-jkhc
7
url VCID-xazq-qrm1-9ff6
vulnerability_id VCID-xazq-qrm1-9ff6
summary 
Rack session gets restored after deletion
### Summary

When using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session.

### Details

[Rack session middleware](https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270) prepares the session at the beginning of request, then saves is back to the store with possible changes applied by host rack application. This way the session becomes to be a subject of race conditions in general sense over concurrent rack requests.

### Impact

When using the `Rack::Session::Pool` middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout.

## Mitigation

- Update to the latest version of `rack`, or
- Ensure your application invalidates sessions atomically by marking them as logged out e.g., using a `logged_out` flag, instead of deleting them, and check this flag on every request to prevent reuse, or
- Implement a custom session store that tracks session invalidation timestamps and refuses to accept session data if the session was invalidated after the request began.

### Related

As this code was moved to `rack-session` in Rack 3+, see <https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj> for the equivalent advisory in `rack-session` (affecting Rack 3+ only).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32441.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32441.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32441
reference_id
reference_type
scores
0
value 0.00096
scoring_system epss
scoring_elements 0.26456
published_at 2026-04-21T12:55:00Z
1
value 0.00096
scoring_system epss
scoring_elements 0.26494
published_at 2026-04-18T12:55:00Z
2
value 0.00096
scoring_system epss
scoring_elements 0.26521
published_at 2026-04-16T12:55:00Z
3
value 0.00096
scoring_system epss
scoring_elements 0.26514
published_at 2026-04-13T12:55:00Z
4
value 0.00096
scoring_system epss
scoring_elements 0.26571
published_at 2026-04-12T12:55:00Z
5
value 0.00096
scoring_system epss
scoring_elements 0.26617
published_at 2026-04-11T12:55:00Z
6
value 0.00096
scoring_system epss
scoring_elements 0.26612
published_at 2026-04-09T12:55:00Z
7
value 0.00096
scoring_system epss
scoring_elements 0.26563
published_at 2026-04-08T12:55:00Z
8
value 0.00096
scoring_system epss
scoring_elements 0.26495
published_at 2026-04-07T12:55:00Z
9
value 0.00096
scoring_system epss
scoring_elements 0.26709
published_at 2026-04-04T12:55:00Z
10
value 0.00096
scoring_system epss
scoring_elements 0.26667
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32441
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32441
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32441
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/
url https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270
6
reference_url https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/
url https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d
7
reference_url https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/
url https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g
8
reference_url https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-32441.yml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-32441.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32441
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32441
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2364965
reference_id 2364965
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2364965
12
reference_url https://github.com/advisories/GHSA-vpfw-47h7-xj4g
reference_id GHSA-vpfw-47h7-xj4g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vpfw-47h7-xj4g
13
reference_url https://usn.ubuntu.com/7507-1/
reference_id USN-7507-1
reference_type
scores
url https://usn.ubuntu.com/7507-1/
fixed_packages
0
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-rack@3.0.8-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.0.8-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.0.8-2%3Fdistro=trixie
4
url pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9rpp-9xss-duf6
1
vulnerability VCID-skxv-7he3-xqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie
6
url pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie
7
url pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie
aliases CVE-2025-32441, GHSA-vpfw-47h7-xj4g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xazq-qrm1-9ff6
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie