Search for packages
| purl | pkg:gem/rack@2.2 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-8zkw-y3yd-yuft
Aliases: CVE-2020-8161 GHSA-5f9h-9pjv-v6j7 |
Directory traversal in Rack::Directory app bundled with Rack A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure. | There are no reported fixed by versions. |
|
VCID-qt1u-2p37-xfet
Aliases: CVE-2022-30122 GHSA-hxqx-xwvh-44m2 GMS-2022-1643 |
Multiple vulnerabilities have been discovered in Rack, the worst of which can lead to sequence injection in logging compontents. |
Affected by 22 other vulnerabilities. |
|
VCID-udc4-7jnt-y3fu
Aliases: CVE-2022-30123 GHSA-wq4h-7r42-5hrr GMS-2022-1644 |
Multiple vulnerabilities have been discovered in Rack, the worst of which can lead to sequence injection in logging compontents. |
Affected by 22 other vulnerabilities. |
|
VCID-xnz5-gv2x-17bk
Aliases: CVE-2020-8184 GHSA-j6w9-fv6q-3q52 |
Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix. |
Affected by 24 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T16:02:32.527831+00:00 | GHSA Importer | Affected by | VCID-qt1u-2p37-xfet | https://github.com/advisories/GHSA-hxqx-xwvh-44m2 | 38.0.0 |
| 2026-04-01T16:02:32.385128+00:00 | GHSA Importer | Affected by | VCID-udc4-7jnt-y3fu | https://github.com/advisories/GHSA-wq4h-7r42-5hrr | 38.0.0 |
| 2026-04-01T15:18:30.202352+00:00 | Ruby Importer | Affected by | VCID-xnz5-gv2x-17bk | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8184.yml | 38.0.0 |
| 2026-04-01T15:18:30.130162+00:00 | Ruby Importer | Affected by | VCID-8zkw-y3yd-yuft | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8161.yml | 38.0.0 |