Lookup for vulnerable packages by Package URL.

Purl pkg:gem/rack@1.7
Type gem
Namespace
Name rack
Version 1.7
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-9xy8-h3y1-mubv
vulnerability_id VCID-9xy8-h3y1-mubv
summary
Cross-site Scripting
There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to HTTP or HTTPS and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not be impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16471.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16471.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16471
reference_id
reference_type
scores
0
value 0.00299
scoring_system epss
scoring_elements 0.53283
published_at 2026-04-11T12:55:00Z
1
value 0.00299
scoring_system epss
scoring_elements 0.53232
published_at 2026-04-09T12:55:00Z
2
value 0.00299
scoring_system epss
scoring_elements 0.53238
published_at 2026-04-08T12:55:00Z
3
value 0.00299
scoring_system epss
scoring_elements 0.53185
published_at 2026-04-07T12:55:00Z
4
value 0.00299
scoring_system epss
scoring_elements 0.53217
published_at 2026-04-04T12:55:00Z
5
value 0.00299
scoring_system epss
scoring_elements 0.53193
published_at 2026-04-02T12:55:00Z
6
value 0.00299
scoring_system epss
scoring_elements 0.53169
published_at 2026-04-01T12:55:00Z
7
value 0.00299
scoring_system epss
scoring_elements 0.5329
published_at 2026-04-16T12:55:00Z
8
value 0.00299
scoring_system epss
scoring_elements 0.53252
published_at 2026-04-13T12:55:00Z
9
value 0.00299
scoring_system epss
scoring_elements 0.53296
published_at 2026-04-18T12:55:00Z
10
value 0.00299
scoring_system epss
scoring_elements 0.53269
published_at 2026-04-12T12:55:00Z
11
value 0.00829
scoring_system epss
scoring_elements 0.74701
published_at 2026-05-14T12:55:00Z
12
value 0.00829
scoring_system epss
scoring_elements 0.74558
published_at 2026-04-21T12:55:00Z
13
value 0.00829
scoring_system epss
scoring_elements 0.74594
published_at 2026-04-24T12:55:00Z
14
value 0.00829
scoring_system epss
scoring_elements 0.746
published_at 2026-04-26T12:55:00Z
15
value 0.00829
scoring_system epss
scoring_elements 0.74601
published_at 2026-04-29T12:55:00Z
16
value 0.00829
scoring_system epss
scoring_elements 0.74604
published_at 2026-05-05T12:55:00Z
17
value 0.00829
scoring_system epss
scoring_elements 0.74633
published_at 2026-05-07T12:55:00Z
18
value 0.00829
scoring_system epss
scoring_elements 0.74659
published_at 2026-05-09T12:55:00Z
19
value 0.00829
scoring_system epss
scoring_elements 0.74627
published_at 2026-05-11T12:55:00Z
20
value 0.00829
scoring_system epss
scoring_elements 0.74647
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16471
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16471
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16471.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16471.yml
8
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag
9
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o
10
reference_url https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html
11
reference_url https://usn.ubuntu.com/4089-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4089-1
12
reference_url https://usn.ubuntu.com/4089-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4089-1/
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1646818
reference_id 1646818
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1646818
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913005
reference_id 913005
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913005
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16471
reference_id CVE-2018-16471
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16471
16
reference_url https://github.com/advisories/GHSA-5r2p-j47h-mhpg
reference_id GHSA-5r2p-j47h-mhpg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5r2p-j47h-mhpg
fixed_packages
0
url pkg:gem/rack@2.0.6
purl pkg:gem/rack@2.0.6
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.6
aliases CVE-2018-16471, GHSA-5r2p-j47h-mhpg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9xy8-h3y1-mubv
1
url VCID-yw62-qbkq-9ygq
vulnerability_id VCID-yw62-qbkq-9ygq
summary
Possible Information Leak / Session Hijack Vulnerability in Rack
There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session.

The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.

### Impact

The session id stored in a cookie is the same id that is used when querying the backing session storage engine.  Most storage mechanisms (for example a database) use some sort of indexing in order to speed up the lookup of that id.  By carefully timing requests and session lookup failures, an attacker may be able to perform a timing attack to determine an existing session id and hijack that session.

## Releases

The 1.6.12 and 2.0.8 releases are available at the normal locations.

### Workarounds

There are no known workarounds.

### Patches

To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

* 1-6-session-timing-attack.patch - Patch for 1.6 series
* 2-0-session-timing-attack.patch - Patch for 2.6 series

### Credits

Thanks Will Leinweber for reporting this!
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16782.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16782.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16782
reference_id
reference_type
scores
0
value 0.00892
scoring_system epss
scoring_elements 0.75707
published_at 2026-05-12T12:55:00Z
1
value 0.00892
scoring_system epss
scoring_elements 0.7569
published_at 2026-05-11T12:55:00Z
2
value 0.00892
scoring_system epss
scoring_elements 0.75705
published_at 2026-05-09T12:55:00Z
3
value 0.00892
scoring_system epss
scoring_elements 0.7568
published_at 2026-05-07T12:55:00Z
4
value 0.00892
scoring_system epss
scoring_elements 0.7565
published_at 2026-05-05T12:55:00Z
5
value 0.00892
scoring_system epss
scoring_elements 0.75647
published_at 2026-04-29T12:55:00Z
6
value 0.00892
scoring_system epss
scoring_elements 0.75636
published_at 2026-04-26T12:55:00Z
7
value 0.00892
scoring_system epss
scoring_elements 0.75631
published_at 2026-04-24T12:55:00Z
8
value 0.00892
scoring_system epss
scoring_elements 0.75593
published_at 2026-04-21T12:55:00Z
9
value 0.00892
scoring_system epss
scoring_elements 0.75761
published_at 2026-05-14T12:55:00Z
10
value 0.01251
scoring_system epss
scoring_elements 0.79291
published_at 2026-04-02T12:55:00Z
11
value 0.01251
scoring_system epss
scoring_elements 0.79285
published_at 2026-04-01T12:55:00Z
12
value 0.01251
scoring_system epss
scoring_elements 0.79315
published_at 2026-04-04T12:55:00Z
13
value 0.01251
scoring_system epss
scoring_elements 0.79301
published_at 2026-04-07T12:55:00Z
14
value 0.01251
scoring_system epss
scoring_elements 0.79327
published_at 2026-04-08T12:55:00Z
15
value 0.01251
scoring_system epss
scoring_elements 0.79336
published_at 2026-04-09T12:55:00Z
16
value 0.01251
scoring_system epss
scoring_elements 0.7936
published_at 2026-04-11T12:55:00Z
17
value 0.01251
scoring_system epss
scoring_elements 0.79345
published_at 2026-04-12T12:55:00Z
18
value 0.01251
scoring_system epss
scoring_elements 0.79334
published_at 2026-04-13T12:55:00Z
19
value 0.01251
scoring_system epss
scoring_elements 0.79361
published_at 2026-04-16T12:55:00Z
20
value 0.01251
scoring_system epss
scoring_elements 0.79357
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16782
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16782
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16782
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
6
reference_url https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38
7
reference_url https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16782
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16782
12
reference_url http://www.openwall.com/lists/oss-security/2019/12/18/2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/12/18/2
13
reference_url http://www.openwall.com/lists/oss-security/2019/12/18/3
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/12/18/3
14
reference_url http://www.openwall.com/lists/oss-security/2019/12/19/3
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/12/19/3
15
reference_url http://www.openwall.com/lists/oss-security/2020/04/08/1
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/04/08/1
16
reference_url http://www.openwall.com/lists/oss-security/2020/04/09/2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/04/09/2
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789100
reference_id 1789100
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789100
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946983
reference_id 946983
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946983
19
reference_url https://github.com/advisories/GHSA-hrqr-hxpp-chr3
reference_id GHSA-hrqr-hxpp-chr3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hrqr-hxpp-chr3
20
reference_url https://access.redhat.com/errata/RHSA-2020:2480
reference_id RHSA-2020:2480
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2480
21
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
22
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
23
reference_url https://usn.ubuntu.com/USN-5253-1/
reference_id USN-USN-5253-1
reference_type
scores
url https://usn.ubuntu.com/USN-5253-1/
fixed_packages
0
url pkg:gem/rack@2.0.0.alpha
purl pkg:gem/rack@2.0.0.alpha
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.0.alpha
1
url pkg:gem/rack@2.0.8
purl pkg:gem/rack@2.0.8
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.8
aliases CVE-2019-16782, GHSA-hrqr-hxpp-chr3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yw62-qbkq-9ygq
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.7