VulnerableCode Package Details - pkg:deb/debian/ruby-rack@2.2.6.4-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-fpg2-nhey-rkcc	Rack has possible DoS Vulnerability in Multipart MIME parsing There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530. Versions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3 # Impact The Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected. All users running an affected release should either upgrade or use one of the workarounds immediately. # Workarounds A proxy can be configured to limit the POST body size which will mitigate this issue.	CVE-2023-27530 GHSA-3h57-hmj3-gj3p GMS-2023-663
VCID-xkah-9nv9-wufd	Possible Denial of Service Vulnerability in Rack’s header parsing There is a denial of service vulnerability in the header parsing component of Rack. Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted. Workarounds Setting `Regexp.timeout` in Ruby 3.2 is a possible workaround.	CVE-2023-27539 GHSA-c6qg-cjj8-47qp GMS-2023-769

Vulnerability

Summary

Aliases

VCID-fpg2-nhey-rkcc

Rack has possible DoS Vulnerability in Multipart MIME parsing There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530. Versions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3 # Impact The Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected. All users running an affected release should either upgrade or use one of the workarounds immediately. # Workarounds A proxy can be configured to limit the POST body size which will mitigate this issue.

CVE-2023-27530
GHSA-3h57-hmj3-gj3p
GMS-2023-663

VCID-xkah-9nv9-wufd

Possible Denial of Service Vulnerability in Rack’s header parsing There is a denial of service vulnerability in the header parsing component of Rack. Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted. Workarounds Setting `Regexp.timeout` in Ruby 3.2 is a possible workaround.

CVE-2023-27539
GHSA-c6qg-cjj8-47qp
GMS-2023-769

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:38:15.849360+00:00	Debian Importer	Fixing	VCID-fpg2-nhey-rkcc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:48:15.806087+00:00	Debian Importer	Fixing	VCID-xkah-9nv9-wufd	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-12T18:15:45.929284+00:00	Debian Importer	Fixing	VCID-fpg2-nhey-rkcc	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:54:56.961778+00:00	Debian Importer	Fixing	VCID-xkah-9nv9-wufd	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:52:20.027328+00:00	Debian Importer	Fixing	VCID-xkah-9nv9-wufd	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:52:19.962519+00:00	Debian Importer	Fixing	VCID-fpg2-nhey-rkcc	https://security-tracker.debian.org/tracker/data/json	38.1.0