Package details: pkg:ebuild/dev-ruby/rack@1.4.5
purl pkg:ebuild/dev-ruby/rack@1.4.5
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (5)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-35e6-cpn8-w7h1 | Symlink path traversal in Rack::File Affected versions allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals." | CVE-2013-0262, GHSA-85r7-w5mv-c849, OSV-89938 |
| VCID-91xe-ev7t-akb9 | Uncontrolled Resource Consumption lib/rack/multipart.rb in Rack uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header. | CVE-2012-6109, GHSA-h77x-m5q8-c29h, OSV-89317 |
| VCID-9uh8-upzm-7bgd | Uncontrolled Resource Consumption Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings." | CVE-2013-0184, GHSA-v882-ccj6-jc48, OSV-89327 |
| VCID-teq8-nqhf-xbbq | Improper Restriction of Operations within the Bounds of a Memory Buffer multipart/parser.rb in Rack allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet. | CVE-2013-0183, GHSA-3pxh-h8hw-mj8w, OSV-89320 |
| VCID-y12d-fjpf-uubh | Timing attack against Rack::Session::Cookie Affected versions allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time. | CVE-2013-0263, GHSA-xc85-32mf-xpv8, OSV-89939 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:01:30.596715+00:00 | Gentoo Importer | Fixing | VCID-y12d-fjpf-uubh | https://security.gentoo.org/glsa/201405-10 | 38.0.0 |
| 2026-04-01T13:01:30.585566+00:00 | Gentoo Importer | Fixing | VCID-35e6-cpn8-w7h1 | https://security.gentoo.org/glsa/201405-10 | 38.0.0 |
| 2026-04-01T13:01:30.575258+00:00 | Gentoo Importer | Fixing | VCID-9uh8-upzm-7bgd | https://security.gentoo.org/glsa/201405-10 | 38.0.0 |
| 2026-04-01T13:01:30.563019+00:00 | Gentoo Importer | Fixing | VCID-teq8-nqhf-xbbq | https://security.gentoo.org/glsa/201405-10 | 38.0.0 |
| 2026-04-01T13:01:30.552947+00:00 | Gentoo Importer | Fixing | VCID-91xe-ev7t-akb9 | https://security.gentoo.org/glsa/201405-10 | 38.0.0 |