VulnerableCode Package Details - pkg:rpm/redhat/rubygem-rack@2.2.7-1?arch=el8sat

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/rubygem-rack@2.2.7-1?arch=el8sat

Essentials
History (5)

purl	pkg:rpm/redhat/rubygem-rack@2.2.7-1?arch=el8sat

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-6c1k-vgv4-93ad Aliases: CVE-2022-44570 GHSA-65f5-mfpf-vfhj GMS-2023-64	Duplicate This advisory duplicates another.	There are no reported fixed by versions.
VCID-c21j-snf1-d3cb Aliases: CVE-2022-44572 GHSA-rqv2-275x-2jq5 GMS-2023-66	Duplicate This advisory duplicates another.	There are no reported fixed by versions.
VCID-fpg2-nhey-rkcc Aliases: CVE-2023-27530 GHSA-3h57-hmj3-gj3p GMS-2023-663	Rack has possible DoS Vulnerability in Multipart MIME parsing There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530. Versions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3 # Impact The Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected. All users running an affected release should either upgrade or use one of the workarounds immediately. # Workarounds A proxy can be configured to limit the POST body size which will mitigate this issue.	There are no reported fixed by versions.
VCID-vkrw-y1j6-6fe7 Aliases: CVE-2022-44571 GHSA-93pm-5p5f-3ghx GMS-2023-65	Duplicate This advisory duplicates another.	There are no reported fixed by versions.
VCID-xkah-9nv9-wufd Aliases: CVE-2023-27539 GHSA-c6qg-cjj8-47qp GMS-2023-769	Possible Denial of Service Vulnerability in Rack’s header parsing There is a denial of service vulnerability in the header parsing component of Rack. Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted. Workarounds Setting `Regexp.timeout` in Ruby 3.2 is a possible workaround.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:55:40.396647+00:00	RedHat Importer	Affected by	VCID-c21j-snf1-d3cb	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44572.json	38.0.0
2026-04-01T13:55:40.372657+00:00	RedHat Importer	Affected by	VCID-6c1k-vgv4-93ad	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44570.json	38.0.0
2026-04-01T13:55:40.348857+00:00	RedHat Importer	Affected by	VCID-vkrw-y1j6-6fe7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44571.json	38.0.0
2026-04-01T13:55:08.614372+00:00	RedHat Importer	Affected by	VCID-fpg2-nhey-rkcc	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27530.json	38.0.0
2026-04-01T13:55:02.494576+00:00	RedHat Importer	Affected by	VCID-xkah-9nv9-wufd	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27539.json	38.0.0