Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-jg77-mm5c-gydu
SummaryRack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, *, or ., the prefix stripping can fail and the generated directory listing may expose the full filesystem path in the HTML output. This issue has been patched in versions 2.2.23, 3.1.21, and 3.2.6.
Aliases
0
alias CVE-2026-34763
1
alias GHSA-7mqq-6cf9-v2qp
Fixed_packages
0
url pkg:deb/debian/ruby-rack@2.2.22-0%2Bdeb12u1
purl pkg:deb/debian/ruby-rack@2.2.22-0%2Bdeb12u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.22-0%252Bdeb12u1
1
url pkg:deb/debian/ruby-rack@3.1.20-0%2Bdeb13u1
purl pkg:deb/debian/ruby-rack@3.1.20-0%2Bdeb13u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.20-0%252Bdeb13u1
2
url pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie
3
url pkg:deb/debian/ruby-rack@3.2.6-2
purl pkg:deb/debian/ruby-rack@3.2.6-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2
4
url pkg:gem/rack@2.2.23
purl pkg:gem/rack@2.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23
5
url pkg:gem/rack@3.1.21
purl pkg:gem/rack@3.1.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21
6
url pkg:gem/rack@3.2.6
purl pkg:gem/rack@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6
Affected_packages
0
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-47ja-djzb-2bbw
4
vulnerability VCID-5twm-pqc2-xyfn
5
vulnerability VCID-7p12-ejdu-uqgy
6
vulnerability VCID-9rpp-9xss-duf6
7
vulnerability VCID-azu5-jcmd-3ufx
8
vulnerability VCID-c5sc-7qnn-mkb9
9
vulnerability VCID-d58r-22kr-9bct
10
vulnerability VCID-dh75-6jyw-1ke2
11
vulnerability VCID-gdhf-e8q1-kbat
12
vulnerability VCID-j34j-bgfd-8fez
13
vulnerability VCID-jg77-mm5c-gydu
14
vulnerability VCID-m98a-mcyb-c7fm
15
vulnerability VCID-metf-cghw-p3b5
16
vulnerability VCID-npag-sz7d-v7b6
17
vulnerability VCID-p3dk-p1gb-kkem
18
vulnerability VCID-pbu7-4hdm-s3a6
19
vulnerability VCID-pnz8-yes1-pfc7
20
vulnerability VCID-s971-gkdg-jkhc
21
vulnerability VCID-skxv-7he3-xqgc
22
vulnerability VCID-w732-52bx-2qf8
23
vulnerability VCID-wt7k-s1yd-nke6
24
vulnerability VCID-wvs1-dhwp-ebat
25
vulnerability VCID-xazq-qrm1-9ff6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2
2
url pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1
purl pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1
3
url pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1
purl pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1
6
url pkg:deb/debian/ruby-rack@3.2.5-2
purl pkg:deb/debian/ruby-rack@3.2.5-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2
7
url pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie
8
url pkg:gem/rack@3.0.0.beta1
purl pkg:gem/rack@3.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-7p12-ejdu-uqgy
5
vulnerability VCID-7wvj-9h3p-23am
6
vulnerability VCID-9rpp-9xss-duf6
7
vulnerability VCID-arac-j5h5-zkcu
8
vulnerability VCID-azu5-jcmd-3ufx
9
vulnerability VCID-c21j-snf1-d3cb
10
vulnerability VCID-c5sc-7qnn-mkb9
11
vulnerability VCID-d58r-22kr-9bct
12
vulnerability VCID-dh75-6jyw-1ke2
13
vulnerability VCID-gtzk-m9rm-57hw
14
vulnerability VCID-j34j-bgfd-8fez
15
vulnerability VCID-jg77-mm5c-gydu
16
vulnerability VCID-m98a-mcyb-c7fm
17
vulnerability VCID-metf-cghw-p3b5
18
vulnerability VCID-npag-sz7d-v7b6
19
vulnerability VCID-p3dk-p1gb-kkem
20
vulnerability VCID-pbu7-4hdm-s3a6
21
vulnerability VCID-s971-gkdg-jkhc
22
vulnerability VCID-skxv-7he3-xqgc
23
vulnerability VCID-vkrw-y1j6-6fe7
24
vulnerability VCID-wvs1-dhwp-ebat
25
vulnerability VCID-xkah-9nv9-wufd
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1
9
url pkg:gem/rack@3.2.0
purl pkg:gem/rack@3.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-9rpp-9xss-duf6
5
vulnerability VCID-azu5-jcmd-3ufx
6
vulnerability VCID-c5sc-7qnn-mkb9
7
vulnerability VCID-d58r-22kr-9bct
8
vulnerability VCID-dh75-6jyw-1ke2
9
vulnerability VCID-j34j-bgfd-8fez
10
vulnerability VCID-jg77-mm5c-gydu
11
vulnerability VCID-m98a-mcyb-c7fm
12
vulnerability VCID-metf-cghw-p3b5
13
vulnerability VCID-npag-sz7d-v7b6
14
vulnerability VCID-p3dk-p1gb-kkem
15
vulnerability VCID-pbu7-4hdm-s3a6
16
vulnerability VCID-pnz8-yes1-pfc7
17
vulnerability VCID-s971-gkdg-jkhc
18
vulnerability VCID-skxv-7he3-xqgc
19
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.0
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34763.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34763.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34763
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.07801
published_at 2026-04-04T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.0776
published_at 2026-04-07T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.10738
published_at 2026-04-12T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.1077
published_at 2026-04-11T12:55:00Z
4
value 0.00036
scoring_system epss
scoring_elements 0.10755
published_at 2026-04-09T12:55:00Z
5
value 0.00036
scoring_system epss
scoring_elements 0.10699
published_at 2026-04-08T12:55:00Z
6
value 0.00036
scoring_system epss
scoring_elements 0.10578
published_at 2026-04-16T12:55:00Z
7
value 0.00036
scoring_system epss
scoring_elements 0.10714
published_at 2026-04-13T12:55:00Z
8
value 0.00038
scoring_system epss
scoring_elements 0.11321
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34763
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34763
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34763
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34763
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454498
reference_id 2454498
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454498
7
reference_url https://github.com/advisories/GHSA-7mqq-6cf9-v2qp
reference_id GHSA-7mqq-6cf9-v2qp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7mqq-6cf9-v2qp
8
reference_url https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp
reference_id GHSA-7mqq-6cf9-v2qp
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:41:04Z/
url https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp
9
reference_url https://usn.ubuntu.com/8182-1/
reference_id USN-8182-1
reference_type
scores
url https://usn.ubuntu.com/8182-1/
Weaknesses
0
cwe_id 625
name Permissive Regular Expression
description The product uses a regular expression that does not sufficiently restrict the set of allowed values.
1
cwe_id 41
name Improper Resolution of Path Equivalence
description The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-jg77-mm5c-gydu