Package details: pkg:rpm/redhat/ruby193-rubygem-rack@1:1.4.1-4?arch=el6
purl pkg:rpm/redhat/ruby193-rubygem-rack@1:1.4.1-4?arch=el6
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.4
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-35e6-cpn8-w7h1
Aliases:
CVE-2013-0262
GHSA-85r7-w5mv-c849
OSV-89938
Symlink path traversal in Rack::File
Affected versions allow attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
There are no reported fixed by versions.
VCID-59k5-93zx-17dn
Aliases:
CVE-2013-0330
GHSA-25c5-58xw-hw5q
Jenkins allows Remote Users to Build Arbitrary Jobs
Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors.
There are no reported fixed by versions.
VCID-9wdu-x7wy-tkf4
Aliases:
CVE-2013-0328
GHSA-q5f8-fxrx-pw6f
Cross-Site Request Forgery (CSRF)
CVE-2013-0328 jenkins: XSS
There are no reported fixed by versions.
VCID-ka2b-nyb7-s3c7
Aliases:
CVE-2013-0329
GHSA-78cj-2m29-q5r9
Cross-Site Request Forgery (CSRF)
Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors.
There are no reported fixed by versions.
VCID-kwt4-b76w-tfas
Aliases:
CVE-2013-0327
GHSA-rqhg-cxfr-8xqw
Cross-Site Request Forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors.
There are no reported fixed by versions.
VCID-ntb4-3udv-s7fv
Aliases:
CVE-2013-0331
GHSA-5c56-g5cq-4gj9
Jenkins Vulnerable to Denial of Service (DoS) via Crafted Payload
Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload.
There are no reported fixed by versions.
VCID-y12d-fjpf-uubh
Aliases:
CVE-2013-0263
GHSA-xc85-32mf-xpv8
OSV-89939
Timing attack against Rack::Session::Cookie
Affected versions allow remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.
There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:52:31.628892+00:00 RedHat Importer Affected by VCID-35e6-cpn8-w7h1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0262.json 38.0.0
2026-04-01T14:52:31.559067+00:00 RedHat Importer Affected by VCID-y12d-fjpf-uubh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0263.json 38.0.0
2026-04-01T14:52:29.117009+00:00 RedHat Importer Affected by VCID-ntb4-3udv-s7fv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0331.json 38.0.0
2026-04-01T14:52:29.065198+00:00 RedHat Importer Affected by VCID-59k5-93zx-17dn https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0330.json 38.0.0
2026-04-01T14:52:29.011002+00:00 RedHat Importer Affected by VCID-ka2b-nyb7-s3c7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0329.json 38.0.0
2026-04-01T14:52:28.955028+00:00 RedHat Importer Affected by VCID-9wdu-x7wy-tkf4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0328.json 38.0.0
2026-04-01T14:52:28.890686+00:00 RedHat Importer Affected by VCID-kwt4-b76w-tfas https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0327.json 38.0.0