Package details: pkg:rpm/redhat/rubygem-rack@1:1.3.0-4?arch=el6op
purl pkg:rpm/redhat/rubygem-rack@1:1.3.0-4?arch=el6op
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.4
Vulnerabilities affecting this package (15)
Vulnerability Summary Fixed by
VCID-1r79-ts6t-hufh
Aliases:
CVE-2014-3674
Enterprise: gears fail to properly isolate network traffic There are no reported fixed by versions.
VCID-35e6-cpn8-w7h1
Aliases:
CVE-2013-0262
GHSA-85r7-w5mv-c849
OSV-89938
Symlink path traversal in Rack::File Affected versions allow attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals." There are no reported fixed by versions.
VCID-59k5-93zx-17dn
Aliases:
CVE-2013-0330
GHSA-25c5-58xw-hw5q
Jenkins allows Remote Users to Build Arbitrary Jobs Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors. There are no reported fixed by versions.
VCID-5ey2-dm5w-y7a6
Aliases:
CVE-2014-3602
OpenShift: /proc/net/tcp information disclosure There are no reported fixed by versions.
VCID-9wdu-x7wy-tkf4
Aliases:
CVE-2013-0328
GHSA-q5f8-fxrx-pw6f
Cross-Site Request Forgery (CSRF) CVE-2013-0328 jenkins: XSS There are no reported fixed by versions.
VCID-c883-yge1-yygb
Aliases:
CVE-2014-0084
GHSA-756m-3qf2-hp58
openshift-origin-node Improper Input Validation vulnerability Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly. There are no reported fixed by versions.
VCID-ka2b-nyb7-s3c7
Aliases:
CVE-2013-0329
GHSA-78cj-2m29-q5r9
Cross-Site Request Forgery (CSRF) Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors. There are no reported fixed by versions.
VCID-kwt4-b76w-tfas
Aliases:
CVE-2013-0327
GHSA-rqhg-cxfr-8xqw
Cross-Site Request Forgery (CSRF) Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors. There are no reported fixed by versions.
VCID-ntb4-3udv-s7fv
Aliases:
CVE-2013-0331
GHSA-5c56-g5cq-4gj9
Jenkins Vulnerable to Denial of Service (DoS) via Crafted Payload Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload. There are no reported fixed by versions.
VCID-rrwv-dzq7-9ybd
Aliases:
CVE-2013-2034
GHSA-fg4r-f9j2-36mw
Jenkins Cross-Site Request Forgery vulnerabilities Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors. There are no reported fixed by versions.
VCID-s2ka-cp49-q3hz
Aliases:
CVE-2014-0175
mcollective: default password set at install There are no reported fixed by versions.
VCID-vnm4-gfjh-8qa7
Aliases:
CVE-2014-0234
openshift-origin-broker: default password creation There are no reported fixed by versions.
VCID-xenc-mfdw-mucm
Aliases:
CVE-2013-1808
stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer There are no reported fixed by versions.
VCID-y12d-fjpf-uubh
Aliases:
CVE-2013-0263
GHSA-xc85-32mf-xpv8
OSV-89939
Timing attack against Rack::Session::Cookie Affected versions allow remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time. There are no reported fixed by versions.
VCID-z46p-c93u-auav
Aliases:
CVE-2013-2033
GHSA-826f-32qm-vm3j
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVE-2013-2033 Jenkins: Build Description XSS There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:52:31.618457+00:00 RedHat Importer Affected by VCID-35e6-cpn8-w7h1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0262.json 38.0.0
2026-04-01T14:52:31.532399+00:00 RedHat Importer Affected by VCID-y12d-fjpf-uubh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0263.json 38.0.0
2026-04-01T14:52:29.106440+00:00 RedHat Importer Affected by VCID-ntb4-3udv-s7fv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0331.json 38.0.0
2026-04-01T14:52:29.055110+00:00 RedHat Importer Affected by VCID-59k5-93zx-17dn https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0330.json 38.0.0
2026-04-01T14:52:28.999200+00:00 RedHat Importer Affected by VCID-ka2b-nyb7-s3c7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0329.json 38.0.0
2026-04-01T14:52:28.942224+00:00 RedHat Importer Affected by VCID-9wdu-x7wy-tkf4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0328.json 38.0.0
2026-04-01T14:52:28.876037+00:00 RedHat Importer Affected by VCID-kwt4-b76w-tfas https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0327.json 38.0.0
2026-04-01T14:52:28.742763+00:00 RedHat Importer Affected by VCID-xenc-mfdw-mucm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1808.json 38.0.0
2026-04-01T14:51:32.599858+00:00 RedHat Importer Affected by VCID-rrwv-dzq7-9ybd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2034.json 38.0.0
2026-04-01T14:51:31.044044+00:00 RedHat Importer Affected by VCID-z46p-c93u-auav https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2033.json 38.0.0
2026-04-01T14:48:51.515991+00:00 RedHat Importer Affected by VCID-c883-yge1-yygb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0084.json 38.0.0
2026-04-01T14:47:52.579176+00:00 RedHat Importer Affected by VCID-vnm4-gfjh-8qa7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0234.json 38.0.0
2026-04-01T14:47:31.956972+00:00 RedHat Importer Affected by VCID-s2ka-cp49-q3hz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0175.json 38.0.0
2026-04-01T14:46:21.706532+00:00 RedHat Importer Affected by VCID-5ey2-dm5w-y7a6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3602.json 38.0.0
2026-04-01T14:45:28.083652+00:00 RedHat Importer Affected by VCID-1r79-ts6t-hufh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3674.json 38.0.0