Package details: pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (7)
Vulnerability Summary Aliases
VCID-6c1k-vgv4-93ad Duplicate This advisory duplicates another. CVE-2022-44570
GHSA-65f5-mfpf-vfhj
GMS-2023-64
VCID-c21j-snf1-d3cb Duplicate This advisory duplicates another. CVE-2022-44572
GHSA-rqv2-275x-2jq5
GMS-2023-66
VCID-fpg2-nhey-rkcc Rack has possible DoS Vulnerability in Multipart MIME parsing
There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530.
Versions Affected: All.
Not affected: None
Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3
# Impact
The Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected. All users running an affected release should either upgrade or use one of the workarounds immediately.
# Workarounds
A proxy can be configured to limit the POST body size which will mitigate this issue.
CVE-2023-27530
GHSA-3h57-hmj3-gj3p
GMS-2023-663
VCID-qt1u-2p37-xfet Multiple vulnerabilities have been discovered in Rack, the worst of which can lead to sequence injection in logging components. CVE-2022-30122
GHSA-hxqx-xwvh-44m2
GMS-2022-1643
VCID-udc4-7jnt-y3fu Multiple vulnerabilities have been discovered in Rack, the worst of which can lead to sequence injection in logging components. CVE-2022-30123
GHSA-wq4h-7r42-5hrr
GMS-2022-1644
VCID-vkrw-y1j6-6fe7 Duplicate This advisory duplicates another. CVE-2022-44571
GHSA-93pm-5p5f-3ghx
GMS-2023-65
VCID-xkah-9nv9-wufd Possible Denial of Service Vulnerability in Rack’s header parsing
There is a denial of service vulnerability in the header parsing component of Rack. Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted.
Workarounds
Setting `Regexp.timeout` in Ruby 3.2 is a possible workaround.
CVE-2023-27539
GHSA-c6qg-cjj8-47qp
GMS-2023-769

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T11:38:15.826290+00:00 Debian Importer Fixing VCID-fpg2-nhey-rkcc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:58:26.473796+00:00 Debian Importer Fixing VCID-c21j-snf1-d3cb https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:01:58.321245+00:00 Debian Importer Fixing VCID-udc4-7jnt-y3fu https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:01:25.182612+00:00 Debian Importer Fixing VCID-vkrw-y1j6-6fe7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:57:51.215496+00:00 Debian Importer Fixing VCID-qt1u-2p37-xfet https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:48:15.799815+00:00 Debian Importer Fixing VCID-xkah-9nv9-wufd https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:43:18.345429+00:00 Debian Importer Fixing VCID-6c1k-vgv4-93ad https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-12T18:15:45.947786+00:00 Debian Importer Fixing VCID-fpg2-nhey-rkcc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-12T18:15:45.883456+00:00 Debian Importer Fixing VCID-c21j-snf1-d3cb https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:07:43.036938+00:00 Debian Importer Fixing VCID-vkrw-y1j6-6fe7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:03:23.570622+00:00 Debian Importer Fixing VCID-udc4-7jnt-y3fu https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:00:50.146299+00:00 Debian Importer Fixing VCID-qt1u-2p37-xfet https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:54:56.948986+00:00 Debian Importer Fixing VCID-xkah-9nv9-wufd https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:51:34.523314+00:00 Debian Importer Fixing VCID-6c1k-vgv4-93ad https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:52:20.043241+00:00 Debian Importer Fixing VCID-xkah-9nv9-wufd https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:52:19.978596+00:00 Debian Importer Fixing VCID-fpg2-nhey-rkcc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:52:19.912818+00:00 Debian Importer Fixing VCID-c21j-snf1-d3cb https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:52:19.848687+00:00 Debian Importer Fixing VCID-vkrw-y1j6-6fe7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:52:19.784188+00:00 Debian Importer Fixing VCID-6c1k-vgv4-93ad https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:52:19.721657+00:00 Debian Importer Fixing VCID-udc4-7jnt-y3fu https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:52:19.667271+00:00 Debian Importer Fixing VCID-qt1u-2p37-xfet https://security-tracker.debian.org/tracker/data/json 38.1.0