Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/938342?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/938342?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie", "type": "deb", "namespace": "debian", "name": "ruby-rack", "version": "2.1.4-3+deb11u4", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.1.4-3+deb11u5", "latest_non_vulnerable_version": "3.2.6-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30435?format=api", "vulnerability_id": "VCID-47ja-djzb-2bbw", "summary": "Rack has an Unbounded-Parameter DoS in Rack::QueryParser\n## Summary\n\n`Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters.\n\n## Details\n\nThe vulnerability arises because `Rack::QueryParser` iterates over each `&`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing.\n\n## Impact\n\nAn attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted.\n\n## Mitigation\n\n- Update to a version of Rack that limits the number of parameters parsed, or\n- Use middleware to enforce a maximum query string size or parameter count, or\n- Employ a reverse proxy (such as Nginx) to limit request sizes and reject oversized query strings or bodies.\n\nLimiting request body sizes and query string lengths at the web server or CDN level is an effective mitigation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46727", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74284", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74275", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74241", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74249", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74239", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74202", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74209", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74227", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74205", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.7419", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74157", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74158", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00808", "scoring_system": "epss", "scoring_elements": "0.74185", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46727" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/" } ], "url": "https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712" }, { "reference_url": "https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/" } ], "url": "https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3" }, { "reference_url": "https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/" } ], "url": "https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46727", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46727" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927", "reference_id": "1104927", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364966", "reference_id": "2364966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364966" }, { "reference_url": "https://github.com/advisories/GHSA-gjh7-p2fx-99vx", "reference_id": "GHSA-gjh7-p2fx-99vx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjh7-p2fx-99vx" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7604", "reference_id": "RHSA-2025:7604", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7604" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7605", "reference_id": "RHSA-2025:7605", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7605" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8254", "reference_id": "RHSA-2025:8254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8256", "reference_id": "RHSA-2025:8256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8279", "reference_id": "RHSA-2025:8279", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8279" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8288", "reference_id": "RHSA-2025:8288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8289", "reference_id": "RHSA-2025:8289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8290", "reference_id": "RHSA-2025:8290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8291", "reference_id": "RHSA-2025:8291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8319", "reference_id": "RHSA-2025:8319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8322", "reference_id": "RHSA-2025:8322", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8322" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8323", "reference_id": "RHSA-2025:8323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9838", "reference_id": "RHSA-2025:9838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9838" }, { "reference_url": "https://usn.ubuntu.com/7507-1/", "reference_id": "USN-7507-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7507-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938322?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938342?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938320?format=api", "purl": "pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938344?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.16-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.16-0.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938325?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938323?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9rpp-9xss-duf6" }, { "vulnerability": "VCID-skxv-7he3-xqgc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938324?format=api", "purl": "pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059652?format=api", "purl": "pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-46727", "GHSA-gjh7-p2fx-99vx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-47ja-djzb-2bbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21707?format=api", "vulnerability_id": "VCID-azu5-jcmd-3ufx", "summary": "Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\n`Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41064", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41069", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.4118", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41252", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41281", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41238", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41283", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41261", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41253", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41203", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41278", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41249", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/" } ], "url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e" }, { "reference_url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/" } ], "url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e" }, { "reference_url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/" } ], "url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627", "reference_id": "1117627", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402200", "reference_id": "2402200", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402200" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772", "reference_id": "CVE-2025-61772", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml", "reference_id": "CVE-2025-61772.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml" }, { "reference_url": "https://github.com/advisories/GHSA-wpv5-97wm-hp9c", "reference_id": "GHSA-wpv5-97wm-hp9c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wpv5-97wm-hp9c" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c", "reference_id": "GHSA-wpv5-97wm-hp9c", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19512", "reference_id": "RHSA-2025:19512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19513", "reference_id": "RHSA-2025:19513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19647", "reference_id": "RHSA-2025:19647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19719", "reference_id": "RHSA-2025:19719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19719" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19733", "reference_id": "RHSA-2025:19733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19734", "reference_id": "RHSA-2025:19734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19736", "reference_id": "RHSA-2025:19736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19800", "reference_id": "RHSA-2025:19800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19948", "reference_id": "RHSA-2025:19948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20962", "reference_id": "RHSA-2025:20962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21036", "reference_id": "RHSA-2025:21036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21036" }, { "reference_url": "https://usn.ubuntu.com/7960-1/", "reference_id": "USN-7960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938322?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938342?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938320?format=api", "purl": "pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938325?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938323?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9rpp-9xss-duf6" }, { "vulnerability": "VCID-skxv-7he3-xqgc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938324?format=api", "purl": "pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059652?format=api", "purl": "pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-61772", "GHSA-wpv5-97wm-hp9c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azu5-jcmd-3ufx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21690?format=api", "vulnerability_id": "VCID-c5sc-7qnn-mkb9", "summary": "Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\n`Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2688", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26888", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26937", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26999", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2699", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27047", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27091", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27087", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27042", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26973", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27182", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27146", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/" } ], "url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e" }, { "reference_url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/" } ], "url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e" }, { "reference_url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/" } ], "url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628", "reference_id": "1117628", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402175", "reference_id": "2402175", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402175" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771", "reference_id": "CVE-2025-61771", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml", "reference_id": "CVE-2025-61771.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml" }, { "reference_url": "https://github.com/advisories/GHSA-w9pc-fmgc-vxvw", "reference_id": "GHSA-w9pc-fmgc-vxvw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w9pc-fmgc-vxvw" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw", "reference_id": "GHSA-w9pc-fmgc-vxvw", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19512", "reference_id": "RHSA-2025:19512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19513", "reference_id": "RHSA-2025:19513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19647", "reference_id": "RHSA-2025:19647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19719", "reference_id": "RHSA-2025:19719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19719" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19734", "reference_id": "RHSA-2025:19734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19800", "reference_id": "RHSA-2025:19800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19948", "reference_id": "RHSA-2025:19948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20962", "reference_id": "RHSA-2025:20962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21036", "reference_id": "RHSA-2025:21036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21696", "reference_id": "RHSA-2025:21696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21696" }, { "reference_url": "https://usn.ubuntu.com/7960-1/", "reference_id": "USN-7960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938322?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938342?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938320?format=api", "purl": "pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938325?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938323?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9rpp-9xss-duf6" }, { "vulnerability": "VCID-skxv-7he3-xqgc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938324?format=api", "purl": "pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059652?format=api", "purl": "pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-61771", "GHSA-w9pc-fmgc-vxvw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c5sc-7qnn-mkb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21773?format=api", "vulnerability_id": "VCID-d58r-22kr-9bct", "summary": "Rack has a Possible Information Disclosure Vulnerability\nA possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially crafted headers could cause `Rack::Sendfile` to miscommunicate with the proxy and trigger unintended internal requests, potentially bypassing proxy-level access restrictions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10343", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10351", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10369", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10238", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10267", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10396", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10418", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10462", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10434", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10368", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10294", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10394", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10328", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61780" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61780", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61780" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/" } ], "url": "https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784" }, { "reference_url": "https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/" } ], "url": "https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a" }, { "reference_url": "https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/" } ], "url": "https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855", "reference_id": "1117855", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403126", "reference_id": "2403126", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403126" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61780", "reference_id": "CVE-2025-61780", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61780" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml", "reference_id": "CVE-2025-61780.YML", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml" }, { "reference_url": "https://github.com/advisories/GHSA-r657-rxjc-j557", "reference_id": "GHSA-r657-rxjc-j557", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r657-rxjc-j557" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557", "reference_id": "GHSA-r657-rxjc-j557", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557" }, { "reference_url": "https://usn.ubuntu.com/7960-1/", "reference_id": "USN-7960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938322?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938342?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938320?format=api", "purl": "pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938325?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938323?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9rpp-9xss-duf6" }, { "vulnerability": "VCID-skxv-7he3-xqgc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938324?format=api", "purl": "pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059652?format=api", "purl": "pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-61780", "GHSA-r657-rxjc-j557" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d58r-22kr-9bct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21554?format=api", "vulnerability_id": "VCID-gdhf-e8q1-kbat", "summary": "Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters\n`Rack::QueryParser` in version `< 2.2.18` enforces its `params_limit` only for parameters separated by `&`, while still splitting on both `&` and `;`. As a result, attackers could use `;` separators to bypass the parameter count limit and submit more parameters than intended.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59830.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59830.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21206", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21196", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21203", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21256", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21297", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21287", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21225", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21145", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21337", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21392", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22207", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22371", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22221", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59830" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-25T16:14:17Z/" } ], "url": "https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116431", "reference_id": "1116431", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116431" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398167", "reference_id": "2398167", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2398167" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59830", "reference_id": "CVE-2025-59830", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59830" }, { "reference_url": "https://github.com/advisories/GHSA-625h-95r8-8xpm", "reference_id": "GHSA-625h-95r8-8xpm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-625h-95r8-8xpm" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm", "reference_id": "GHSA-625h-95r8-8xpm", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-25T16:14:17Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19512", "reference_id": "RHSA-2025:19512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19513", "reference_id": "RHSA-2025:19513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19647", "reference_id": "RHSA-2025:19647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19719", "reference_id": "RHSA-2025:19719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19719" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19733", "reference_id": "RHSA-2025:19733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19734", "reference_id": "RHSA-2025:19734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19736", "reference_id": "RHSA-2025:19736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19800", "reference_id": "RHSA-2025:19800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19832", "reference_id": "RHSA-2025:19832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19832" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19855", "reference_id": "RHSA-2025:19855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19856", "reference_id": "RHSA-2025:19856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19948", "reference_id": "RHSA-2025:19948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20962", "reference_id": "RHSA-2025:20962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21036", "reference_id": "RHSA-2025:21036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21036" }, { "reference_url": "https://usn.ubuntu.com/7784-1/", "reference_id": "USN-7784-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7784-1/" }, { "reference_url": "https://usn.ubuntu.com/7960-1/", "reference_id": "USN-7960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938322?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938342?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938320?format=api", "purl": "pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938343?format=api", "purl": "pkg:deb/debian/ruby-rack@3.0.8-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.0.8-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938325?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938323?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9rpp-9xss-duf6" }, { "vulnerability": "VCID-skxv-7he3-xqgc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938324?format=api", "purl": "pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059652?format=api", "purl": "pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-59830", "GHSA-625h-95r8-8xpm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdhf-e8q1-kbat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21709?format=api", "vulnerability_id": "VCID-npag-sz7d-v7b6", "summary": "Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)\n`Rack::Multipart::Parser` buffers the entire multipart **preamble** (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36408", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36438", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36663", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36723", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3674", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36695", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36721", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36756", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36747", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3673", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3668", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36844", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36812", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61770" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/" } ], "url": "https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e" }, { "reference_url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/" } ], "url": "https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e" }, { "reference_url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/" } ], "url": "https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627", "reference_id": "1117627", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402174", "reference_id": "2402174", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402174" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770", "reference_id": "CVE-2025-61770", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml", "reference_id": "CVE-2025-61770.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml" }, { "reference_url": "https://github.com/advisories/GHSA-p543-xpfm-54cp", "reference_id": "GHSA-p543-xpfm-54cp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p543-xpfm-54cp" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp", "reference_id": "GHSA-p543-xpfm-54cp", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19512", "reference_id": "RHSA-2025:19512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19513", "reference_id": "RHSA-2025:19513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19647", "reference_id": "RHSA-2025:19647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19719", "reference_id": "RHSA-2025:19719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19719" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19733", "reference_id": "RHSA-2025:19733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19734", "reference_id": "RHSA-2025:19734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19736", "reference_id": "RHSA-2025:19736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19800", "reference_id": "RHSA-2025:19800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19948", "reference_id": "RHSA-2025:19948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20962", "reference_id": "RHSA-2025:20962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21036", "reference_id": "RHSA-2025:21036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21696", "reference_id": "RHSA-2025:21696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21696" }, { "reference_url": "https://usn.ubuntu.com/7960-1/", "reference_id": "USN-7960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938322?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938342?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938320?format=api", "purl": "pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938325?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938323?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9rpp-9xss-duf6" }, { "vulnerability": "VCID-skxv-7he3-xqgc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938324?format=api", "purl": "pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059652?format=api", "purl": "pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-61770", "GHSA-p543-xpfm-54cp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-npag-sz7d-v7b6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21764?format=api", "vulnerability_id": "VCID-s971-gkdg-jkhc", "summary": "Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing\n`Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44639", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44632", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44713", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44784", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44791", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44737", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44735", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44767", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.4475", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44748", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44695", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44756", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44736", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/" } ], "url": "https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881" }, { "reference_url": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/" } ], "url": "https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db" }, { "reference_url": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/" } ], "url": "https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856", "reference_id": "1117856", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180", "reference_id": "2403180", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403180" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919", "reference_id": "CVE-2025-61919", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml", "reference_id": "CVE-2025-61919.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml" }, { "reference_url": "https://github.com/advisories/GHSA-6xw4-3v39-52mm", "reference_id": "GHSA-6xw4-3v39-52mm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6xw4-3v39-52mm" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm", "reference_id": "GHSA-6xw4-3v39-52mm", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19512", "reference_id": "RHSA-2025:19512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19513", "reference_id": "RHSA-2025:19513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19647", "reference_id": "RHSA-2025:19647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19719", "reference_id": "RHSA-2025:19719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19719" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19733", "reference_id": "RHSA-2025:19733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19734", "reference_id": "RHSA-2025:19734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19736", "reference_id": "RHSA-2025:19736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19800", "reference_id": "RHSA-2025:19800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19832", "reference_id": "RHSA-2025:19832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19832" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19855", "reference_id": "RHSA-2025:19855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19856", "reference_id": "RHSA-2025:19856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19948", "reference_id": "RHSA-2025:19948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20962", "reference_id": "RHSA-2025:20962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21036", "reference_id": "RHSA-2025:21036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21696", "reference_id": "RHSA-2025:21696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21696" }, { "reference_url": "https://usn.ubuntu.com/7960-1/", "reference_id": "USN-7960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938322?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938342?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938320?format=api", "purl": "pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938325?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938323?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9rpp-9xss-duf6" }, { "vulnerability": "VCID-skxv-7he3-xqgc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938324?format=api", "purl": "pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059652?format=api", "purl": "pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-61919", "GHSA-6xw4-3v39-52mm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s971-gkdg-jkhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30313?format=api", "vulnerability_id": "VCID-xazq-qrm1-9ff6", "summary": "Rack session gets restored after deletion\n### Summary\n\nWhen using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session.\n\n### Details\n\n[Rack session middleware](https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270) prepares the session at the beginning of request, then saves is back to the store with possible changes applied by host rack application. This way the session becomes to be a subject of race conditions in general sense over concurrent rack requests.\n\n### Impact\n\nWhen using the `Rack::Session::Pool` middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout.\n\n## Mitigation\n\n- Update to the latest version of `rack`, or\n- Ensure your application invalidates sessions atomically by marking them as logged out e.g., using a `logged_out` flag, instead of deleting them, and check this flag on every request to prevent reuse, or\n- Implement a custom session store that tracks session invalidation timestamps and refuses to accept session data if the session was invalidated after the request began.\n\n### Related\n\nAs this code was moved to `rack-session` in Rack 3+, see <https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj> for the equivalent advisory in `rack-session` (affecting Rack 3+ only).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32441.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32441.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32441", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26389", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26667", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26709", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26495", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26563", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26612", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26617", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26571", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26514", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26521", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26494", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26456", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26395", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32441" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32441", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32441" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rack/rack", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack" }, { "reference_url": "https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/" } ], "url": "https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270" }, { "reference_url": "https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/" } ], "url": "https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d" }, { "reference_url": "https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/" } ], "url": "https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g" }, { "reference_url": "https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-32441.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-32441.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32441", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32441" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364965", "reference_id": "2364965", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364965" }, { "reference_url": "https://github.com/advisories/GHSA-vpfw-47h7-xj4g", "reference_id": "GHSA-vpfw-47h7-xj4g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vpfw-47h7-xj4g" }, { "reference_url": "https://usn.ubuntu.com/7507-1/", "reference_id": "USN-7507-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7507-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938322?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938342?format=api", "purl": "pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938320?format=api", "purl": "pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938343?format=api", "purl": "pkg:deb/debian/ruby-rack@3.0.8-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.0.8-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938325?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938323?format=api", "purl": "pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9rpp-9xss-duf6" }, { "vulnerability": "VCID-skxv-7he3-xqgc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938324?format=api", "purl": "pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j61-5e8x-7fbd" }, { "vulnerability": "VCID-2p73-rc9t-rudb" }, { "vulnerability": "VCID-2qba-a6bp-ryak" }, { "vulnerability": "VCID-5twm-pqc2-xyfn" }, { "vulnerability": "VCID-dh75-6jyw-1ke2" }, { "vulnerability": "VCID-j34j-bgfd-8fez" }, { "vulnerability": "VCID-jg77-mm5c-gydu" }, { "vulnerability": "VCID-m98a-mcyb-c7fm" }, { "vulnerability": "VCID-metf-cghw-p3b5" }, { "vulnerability": "VCID-p3dk-p1gb-kkem" }, { "vulnerability": "VCID-pbu7-4hdm-s3a6" }, { "vulnerability": "VCID-pnz8-yes1-pfc7" }, { "vulnerability": "VCID-wvs1-dhwp-ebat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059652?format=api", "purl": "pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-32441", "GHSA-vpfw-47h7-xj4g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xazq-qrm1-9ff6" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u4%3Fdistro=trixie" }