| purl | pkg:gem/rack@1.5 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-35e6-cpn8-w7h1 Aliases: CVE-2013-0262 GHSA-85r7-w5mv-c849 OSV-89938 | Symlink path traversal in Rack::File. Affected versions allow attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals." | Affected by 29 other vulnerabilities. |
| VCID-3ycr-9smk-uqdc Aliases: CVE-2015-3225 GHSA-rgr4-9jh5-j4j6 | Potential Denial of Service Vulnerability. Carefully crafted requests can cause a `SystemStackError` and potentially cause a denial of service attack. | Affected by 27 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 28 other vulnerabilities. |
| VCID-y12d-fjpf-uubh Aliases: CVE-2013-0263 GHSA-xc85-32mf-xpv8 OSV-89939 | Timing attack against Rack::Session::Cookie. Affected versions allow remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time. | Affected by 29 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:18:30.322194+00:00 | Ruby Importer | Affected by | VCID-3ycr-9smk-uqdc | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml | 38.0.0 |
| 2026-04-01T15:18:30.284082+00:00 | Ruby Importer | Affected by | VCID-y12d-fjpf-uubh | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0263.yml | 38.0.0 |
| 2026-04-01T15:18:30.154281+00:00 | Ruby Importer | Affected by | VCID-35e6-cpn8-w7h1 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml | 38.0.0 |