{"url":"http://public2.vulnerablecode.io/api/packages/166027?format=json","purl":"pkg:gem/rack@3.0.3","type":"gem","namespace":"","name":"rack","version":"3.0.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.1.21","latest_non_vulnerable_version":"3.2.6","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48004?format=json","vulnerability_id":"VCID-3jru-u17n-tyg1","summary":"Rack has a Possible Information Disclosure Vulnerability\nA possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially crafted headers could cause `Rack::Sendfile` to miscommunicate with the proxy and trigger unintended internal requests, potentially bypassing proxy-level access restrictions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61780","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01455","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61780"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/"}],"url":"https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784"},{"reference_url":"https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/"}],"url":"https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a"},{"reference_url":"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/"}],"url":"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855","reference_id":"1117855","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403126","reference_id":"2403126","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403126"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61780","reference_id":"CVE-2025-61780","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61780"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml","reference_id":"CVE-2025-61780.YML","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml"},{"reference_url":"https://github.com/advisories/GHSA-r657-rxjc-j557","reference_id":"GHSA-r657-rxjc-j557","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r657-rxjc-j557"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557","reference_id":"GHSA-r657-rxjc-j557","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70811?format=json","purl":"pkg:gem/rack@3.1.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.18"},{"url":"http://public2.vulnerablecode.io/api/packages/70812?format=json","purl":"pkg:gem/rack@3.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-gnc7-wp69-h7ag"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.3"}],"aliases":["CVE-2025-61780","GHSA-r657-rxjc-j557"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3jru-u17n-tyg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51546?format=json","vulnerability_id":"VCID-3nmb-xetr-6qbg","summary":"Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass.\n## Summary\n\n`Rack::Multipart::Parser` extracts the `boundary` parameter from\n`multipart/form-data` using a greedy regular expression. When a\n`Content-Type` header contains multiple `boundary` parameters,\nRack selects the last one rather than the first.\n\nIn deployments where an upstream proxy, WAF, or intermediary\ninterprets the first `boundary` parameter, this mismatch can\nallow an attacker to smuggle multipart content past upstream\ninspection and have Rack parse a different body structure than\nthe intermediary validated.\n\n## Details\n\nRack identifies the multipart boundary using logic equivalent to:\n\n```ruby\nMULTIPART = %r|\\Amultipart/.*boundary=\\\"?([^\\\";,]+)\\\"?|ni\n```\n\nBecause the expression is greedy, it matches the last `boundary=`\nparameter in a header such as:\n\n```http\nContent-Type: multipart/form-data; boundary=safe; boundary=malicious\n```\n\nAs a result, Rack parses the request body using `malicious`, while\nanother component may interpret the same header using `safe`.\n\nThis creates an interpretation conflict. If an upstream WAF or proxy\ninspects multipart parts using the first boundary and Rack later\nparses the body using the last boundary, a client may be able to\nplace malicious form fields or uploaded content in parts that Rack\naccepts but the upstream component did not inspect as intended.\n\nThis issue is most relevant in layered deployments where security\ndecisions are made before the request reaches Rack.\n\n## Impact\n\nApplications that accept `multipart/form-data` uploads behind an\ninspecting proxy or WAF may be affected.\n\nIn such deployments, an attacker may be able to bypass upstream\nfiltering of uploaded files or form fields by sending a request\nwith multiple `boundary` parameters and relying on the intermediary\nand Rack to parse the request differently.\n\nThe practical impact depends on deployment architecture. If no\nupstream component relies on a different multipart interpretation,\nthis behavior may not provide meaningful additional attacker capability.\n\n## Mitigation\n\n* Update to a patched version of Rack that rejects ambiguous multipart\n  `Content-Type` headers or parses duplicate `boundary` parameters\n  consistently.\n* Reject requests containing multiple `boundary` parameters.\n* Normalize or regenerate multipart metadata at the trusted edge\n  before forwarding requests to Rack.\n* Avoid relying on upstream inspection of malformed multipart\n  requests unless duplicate parameter handling is explicitly\n  consistent across components.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26961.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26961.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26961","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02834","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26961"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-vgpv-f759-9wx3","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":""},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:57:50Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-vgpv-f759-9wx3"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-26961.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-26961.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26961","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26961"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454483","reference_id":"2454483","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454483"},{"reference_url":"https://github.com/advisories/GHSA-vgpv-f759-9wx3","reference_id":"GHSA-vgpv-f759-9wx3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vgpv-f759-9wx3"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110090?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/110093?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-26961","GHSA-vgpv-f759-9wx3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3nmb-xetr-6qbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47151?format=json","vulnerability_id":"VCID-52qe-dast-tkhu","summary":"Rack Header Parsing leads to Possible Denial of Service Vulnerability\n# Possible Denial of Service Vulnerability in Rack Header Parsing\n\nThere is a possible denial of service vulnerability in the header parsing\nroutines in Rack.  This vulnerability has been assigned the CVE identifier\nCVE-2024-26146.\n\nVersions Affected:  All.\nNot affected:       None\nFixed Versions:     2.0.9.4, 2.1.4.4, 2.2.8.1, 3.0.9.1\n\nImpact\n------\nCarefully crafted headers can cause header parsing in Rack to take longer than\nexpected resulting in a possible denial of service issue. Accept and Forwarded\nheaders are impacted.\n\nRuby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2\nor newer are unaffected.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 2-0-header-redos.patch - Patch for 2.0 series\n* 2-1-header-redos.patch - Patch for 2.1 series\n* 2-2-header-redos.patch - Patch for 2.2 series\n* 3-0-header-redos.patch - Patch for 3.0 series\n\nCredits\n-------\n\nThanks to [svalkanov](https://hackerone.com/svalkanov) for reporting this and\nproviding patches!","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26146.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26146.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26146","reference_id":"","reference_type":"","scores":[{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.73999","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146"},{"reference_url":"https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/"}],"url":"https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/"}],"url":"https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716"},{"reference_url":"https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/"}],"url":"https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582"},{"reference_url":"https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/"}],"url":"https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f"},{"reference_url":"https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/"}],"url":"https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516","reference_id":"1064516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265595","reference_id":"2265595","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265595"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26146","reference_id":"CVE-2024-26146","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26146"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml","reference_id":"CVE-2024-26146.YML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/"}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml"},{"reference_url":"https://github.com/advisories/GHSA-54rr-7fvw-6x8f","reference_id":"GHSA-54rr-7fvw-6x8f","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-54rr-7fvw-6x8f"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f","reference_id":"GHSA-54rr-7fvw-6x8f","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0006/","reference_id":"ntap-20240510-0006","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240510-0006/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10806","reference_id":"RHSA-2024:10806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1841","reference_id":"RHSA-2024:1841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1846","reference_id":"RHSA-2024:1846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2007","reference_id":"RHSA-2024:2007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2113","reference_id":"RHSA-2024:2113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2581","reference_id":"RHSA-2024:2581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2584","reference_id":"RHSA-2024:2584","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2584"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2953","reference_id":"RHSA-2024:2953","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3431","reference_id":"RHSA-2024:3431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3431"},{"reference_url":"https://usn.ubuntu.com/6689-1/","reference_id":"USN-6689-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6689-1/"},{"reference_url":"https://usn.ubuntu.com/6837-1/","reference_id":"USN-6837-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-1/"},{"reference_url":"https://usn.ubuntu.com/6837-2/","reference_id":"USN-6837-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-2/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69188?format=json","purl":"pkg:gem/rack@3.0.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-csrd-u9cz-u7ak"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-p1cf-naeh-bbgx"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"},{"vulnerability":"VCID-y6nj-8y3j-hbfw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1"}],"aliases":["CVE-2024-26146","GHSA-54rr-7fvw-6x8f"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-52qe-dast-tkhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51527?format=json","vulnerability_id":"VCID-6ydb-e746-vbd8","summary":"Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header\n## Summary\n\n`Rack::Utils.select_best_encoding` processes `Accept-Encoding` values\nwith quadratic time complexity when the header contains many\nwildcard (`*`) entries. Because this method is used by `Rack::Deflater`\nto choose a response encoding, an unauthenticated attacker can send\na single request with a crafted `Accept-Encoding` header and cause\ndisproportionate CPU consumption on the compression middleware path.\n\nThis results in a denial of service condition for applications\nusing `Rack::Deflater`.\n\n## Details\n\n`Rack::Utils.select_best_encoding` expands parsed `Accept-Encoding`\nvalues into a list of candidate encodings. When an entry is `*`,\nthe method computes the set of concrete encodings by subtracting\nthe encodings already present in the request:\n\n```ruby\nif m == \"*\"\n  (available_encodings - accept_encoding.map(&:first)).each do |m2|\n    expanded_accept_encoding << [m2, q, preference]\n  end\nelse\n  expanded_accept_encoding << [m, q, preference]\nend\n```\n\nBecause `accept_encoding.map(&:first)` is evaluated inside the loop,\nit is recomputed for each wildcard entry. If the request contains\n`N` wildcard entries, this produces repeated scans over the full\nparsed header and causes quadratic behavior.\n\nAfter expansion, the method also performs additional work over\n`expanded_accept_encoding`, including per-entry deletion, which\nfurther increases the cost for large inputs.\n\n`Rack::Deflater` invokes this method for each request when the\nmiddleware is enabled:\n\n```ruby\nUtils.select_best_encoding(ENCODINGS, Utils.parse_encodings(accept_encoding))\n```\n\nAs a result, a client can trigger this expensive code path simply\nby sending a large `Accept-Encoding` header containing many\nrepeated wildcard values.\n\nFor example, a request with an approximately 8 KB `Accept-Encoding`\nheader containing about 1,000 `*;q=0.5` entries can cause roughly\n170 ms of CPU time in a single request on the `Rack::Deflater`\npath, compared to a negligible baseline for a normal header.\n\nThis issue is distinct from CVE-2024-26146. That issue concerned\nregular expression denial of service during `Accept` header parsing,\nwhereas this issue arises later during encoding selection after\nthe header has already been parsed.\n\n## Impact\n\nAny Rack application using `Rack::Deflater` may be affected.\n\nAn unauthenticated attacker can send requests with crafted\n`Accept-Encoding` headers to trigger excessive CPU usage in the\nencoding selection logic. Repeated requests can consume worker\ntime disproportionately and reduce application availability.\n\nThe attack does not require invalid HTTP syntax or large payload\nbodies. A single header-sized request is sufficient to reach the\nvulnerable code path.\n\n## Mitigation\n\n* Update to a patched version of Rack in which encoding selection\n  does not repeatedly rescan the parsed header for wildcard entries.\n* Avoid enabling `Rack::Deflater` on untrusted traffic.\n* Apply request filtering or header size / format restrictions\n  at the reverse proxy or application boundary to limit abusive\n  `Accept-Encoding` values.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34230.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34230.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34230","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0648","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34230"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34230","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34230"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:56:03Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34230.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34230.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34230","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34230"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454493","reference_id":"2454493","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454493"},{"reference_url":"https://github.com/advisories/GHSA-v569-hp3g-36wr","reference_id":"GHSA-v569-hp3g-36wr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v569-hp3g-36wr"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110090?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/110093?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34230","GHSA-v569-hp3g-36wr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ydb-e746-vbd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51531?format=json","vulnerability_id":"VCID-7cef-z5qm-afd8","summary":"ReDoS Vulnerability in Rack::Multipart handle_mime_head\n### Summary\n\nThere is a denial of service vulnerability in the\nContent-Disposition parsing component of Rack. This is very\nsimilar to the previous security issue CVE-2022-44571.\n\n### Details\n\nCarefully crafted input can cause Content-Disposition header\nparsing in Rack to take an unexpected amount of time, possibly\nresulting in a denial of service attack vector. This header is\nused typically used in multipart parsing. Any applications that\nparse multipart posts using Rack (virtually all Rails applications)\nare impacted.\n\n### Credits\n\nThanks to [scyoon](https://hackerone.com/scyoon) for reporting\nthis to the Rails security team","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49007","reference_id":"","reference_type":"","scores":[{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68971","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49007"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/"}],"url":"https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f"},{"reference_url":"https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/"}],"url":"https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107363","reference_id":"1107363","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107363"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370346","reference_id":"2370346","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370346"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49007","reference_id":"CVE-2025-49007","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49007"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml","reference_id":"CVE-2025-49007.YML","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml"},{"reference_url":"https://github.com/advisories/GHSA-47m2-26rw-j2jw","reference_id":"GHSA-47m2-26rw-j2jw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-47m2-26rw-j2jw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85314?format=json","purl":"pkg:gem/rack@3.1.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.16"}],"aliases":["CVE-2025-49007","GHSA-47m2-26rw-j2jw"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7cef-z5qm-afd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50172?format=json","vulnerability_id":"VCID-bj83-rx84-v3g9","summary":"Rack has a Directory Traversal via Rack:Directory\n`Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22860.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22860.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22860","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31095","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22860"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:27:31Z/"}],"url":"https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128479","reference_id":"1128479","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128479"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440737","reference_id":"2440737","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440737"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22860","reference_id":"CVE-2026-22860","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22860"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml","reference_id":"CVE-2026-22860.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml"},{"reference_url":"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh","reference_id":"GHSA-mxw3-3hh2-x2mh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh","reference_id":"GHSA-mxw3-3hh2-x2mh","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:27:31Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh"},{"reference_url":"https://usn.ubuntu.com/8066-1/","reference_id":"USN-8066-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8066-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74065?format=json","purl":"pkg:gem/rack@3.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/74066?format=json","purl":"pkg:gem/rack@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-gnc7-wp69-h7ag"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.5"}],"aliases":["CVE-2026-22860","GHSA-mxw3-3hh2-x2mh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bj83-rx84-v3g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44670?format=json","vulnerability_id":"VCID-bqpn-m2fh-9kab","summary":"Possible Denial of Service Vulnerability in Rack’s header parsing\nThere is a denial of service vulnerability in the header parsing component of Rack. Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted. Workarounds Setting `Regexp.timeout` in Ruby 3.2 is a possible workaround.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27539.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27539.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27539","reference_id":"","reference_type":"","scores":[{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58804","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/"}],"url":"https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c"},{"reference_url":"https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/"}],"url":"https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231208-0016","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231208-0016"},{"reference_url":"https://www.debian.org/security/2023/dsa-5530","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/"}],"url":"https://www.debian.org/security/2023/dsa-5530"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033264","reference_id":"1033264","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033264"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179649","reference_id":"2179649","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179649"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27539","reference_id":"CVE-2023-27539","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27539"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml","reference_id":"CVE-2023-27539.YML","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml"},{"reference_url":"https://github.com/advisories/GHSA-c6qg-cjj8-47qp","reference_id":"GHSA-c6qg-cjj8-47qp","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/"}],"url":"https://github.com/advisories/GHSA-c6qg-cjj8-47qp"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231208-0016/","reference_id":"ntap-20231208-0016","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/"}],"url":"https://security.netapp.com/advisory/ntap-20231208-0016/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1953","reference_id":"RHSA-2023:1953","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1961","reference_id":"RHSA-2023:1961","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1981","reference_id":"RHSA-2023:1981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2652","reference_id":"RHSA-2023:2652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3082","reference_id":"RHSA-2023:3082","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3082"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3403","reference_id":"RHSA-2023:3403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3495","reference_id":"RHSA-2023:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"},{"reference_url":"https://usn.ubuntu.com/6689-1/","reference_id":"USN-6689-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6689-1/"},{"reference_url":"https://usn.ubuntu.com/6905-1/","reference_id":"USN-6905-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6905-1/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64318?format=json","purl":"pkg:gem/rack@3.0.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-52qe-dast-tkhu"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-csrd-u9cz-u7ak"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-heu4-cd3d-73ck"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-p1cf-naeh-bbgx"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"},{"vulnerability":"VCID-y6nj-8y3j-hbfw"},{"vulnerability":"VCID-yq3g-ykeu-pfbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.6.1"}],"aliases":["CVE-2023-27539","GHSA-c6qg-cjj8-47qp","GMS-2023-769"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqpn-m2fh-9kab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44234?format=json","vulnerability_id":"VCID-c9mc-7nts-cfgy","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44572.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44572.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44572","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49002","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49063","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/releases/tag/v3.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/releases/tag/v3.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44572.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44572.yml"},{"reference_url":"https://hackerone.com/reports/1639882","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1639882"},{"reference_url":"https://www.debian.org/security/2023/dsa-5530","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5530"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832","reference_id":"1029832","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164722","reference_id":"2164722","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164722"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44572","reference_id":"CVE-2022-44572","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44572"},{"reference_url":"https://github.com/advisories/GHSA-rqv2-275x-2jq5","reference_id":"GHSA-rqv2-275x-2jq5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rqv2-275x-2jq5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"},{"reference_url":"https://usn.ubuntu.com/5910-1/","reference_id":"USN-5910-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5910-1/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63600?format=json","purl":"pkg:gem/rack@3.0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-52qe-dast-tkhu"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-bqpn-m2fh-9kab"},{"vulnerability":"VCID-csrd-u9cz-u7ak"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-heu4-cd3d-73ck"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-p1cf-naeh-bbgx"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"},{"vulnerability":"VCID-y6nj-8y3j-hbfw"},{"vulnerability":"VCID-yq3g-ykeu-pfbp"},{"vulnerability":"VCID-zqax-g5xz-wuch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1"}],"aliases":["CVE-2022-44572","GHSA-rqv2-275x-2jq5","GMS-2023-66"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c9mc-7nts-cfgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51535?format=json","vulnerability_id":"VCID-csrd-u9cz-u7ak","summary":"Local File Inclusion in Rack::Static\n## Summary\n\n`Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly.\n\n## Details\n\nThe vulnerability occurs because `Rack::Static` does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory.\n\n## Impact\n\nBy exploiting this vulnerability, an attacker can gain access to all files under the specified `root:` directory, provided they are able to determine then path of the file.\n\n## Mitigation\n\n- Update to the latest version of Rack, or\n- Remove usage of `Rack::Static`, or\n- Ensure that `root:` points at a directory path which only contains files which should be accessed publicly.\n\nIt is likely that a CDN or similar static file server would also mitigate the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27610.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27610.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27610","reference_id":"","reference_type":"","scores":[{"value":"0.01354","scoring_system":"epss","scoring_elements":"0.80477","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27610"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:22:45Z/"}],"url":"https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:22:45Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100444","reference_id":"1100444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100444"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2351231","reference_id":"2351231","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2351231"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27610","reference_id":"CVE-2025-27610","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27610"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27610.yml","reference_id":"CVE-2025-27610.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27610.yml"},{"reference_url":"https://github.com/advisories/GHSA-7wqh-767x-r66v","reference_id":"GHSA-7wqh-767x-r66v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7wqh-767x-r66v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3448","reference_id":"RHSA-2025:3448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3490","reference_id":"RHSA-2025:3490","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3491","reference_id":"RHSA-2025:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3492","reference_id":"RHSA-2025:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3906","reference_id":"RHSA-2025:3906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4576","reference_id":"RHSA-2025:4576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4576"},{"reference_url":"https://usn.ubuntu.com/7366-1/","reference_id":"USN-7366-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7366-1/"},{"reference_url":"https://usn.ubuntu.com/7366-2/","reference_id":"USN-7366-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7366-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84290?format=json","purl":"pkg:gem/rack@3.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-p1cf-naeh-bbgx"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/84291?format=json","purl":"pkg:gem/rack@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-p1cf-naeh-bbgx"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.12"}],"aliases":["CVE-2025-27610","GHSA-7wqh-767x-r66v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-csrd-u9cz-u7ak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47952?format=json","vulnerability_id":"VCID-dss4-6ptr-83av","summary":"Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\n`Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61771","reference_id":"","reference_type":"","scores":[{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28604","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/"}],"url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"},{"reference_url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/"}],"url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"},{"reference_url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/"}],"url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628","reference_id":"1117628","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402175","reference_id":"2402175","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402175"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61771","reference_id":"CVE-2025-61771","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61771"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml","reference_id":"CVE-2025-61771.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml"},{"reference_url":"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw","reference_id":"GHSA-w9pc-fmgc-vxvw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw","reference_id":"GHSA-w9pc-fmgc-vxvw","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21696","reference_id":"RHSA-2025:21696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21696"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70750?format=json","purl":"pkg:gem/rack@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/70751?format=json","purl":"pkg:gem/rack@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-gnc7-wp69-h7ag"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2"}],"aliases":["CVE-2025-61771","GHSA-w9pc-fmgc-vxvw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dss4-6ptr-83av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48000?format=json","vulnerability_id":"VCID-e11g-k7zm-vkhu","summary":"Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing\n`Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61919","reference_id":"","reference_type":"","scores":[{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51855","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/"}],"url":"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881"},{"reference_url":"https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/"}],"url":"https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db"},{"reference_url":"https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/"}],"url":"https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856","reference_id":"1117856","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403180","reference_id":"2403180","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403180"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61919","reference_id":"CVE-2025-61919","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61919"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml","reference_id":"CVE-2025-61919.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml"},{"reference_url":"https://github.com/advisories/GHSA-6xw4-3v39-52mm","reference_id":"GHSA-6xw4-3v39-52mm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xw4-3v39-52mm"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm","reference_id":"GHSA-6xw4-3v39-52mm","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19733","reference_id":"RHSA-2025:19733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19736","reference_id":"RHSA-2025:19736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19832","reference_id":"RHSA-2025:19832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19855","reference_id":"RHSA-2025:19855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19856","reference_id":"RHSA-2025:19856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21696","reference_id":"RHSA-2025:21696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21696"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70811?format=json","purl":"pkg:gem/rack@3.1.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.18"},{"url":"http://public2.vulnerablecode.io/api/packages/70812?format=json","purl":"pkg:gem/rack@3.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-gnc7-wp69-h7ag"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.3"}],"aliases":["CVE-2025-61919","GHSA-6xw4-3v39-52mm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e11g-k7zm-vkhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51542?format=json","vulnerability_id":"VCID-e8ab-9br9-6ybt","summary":"Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads\n## Summary\n\n`Rack::Multipart::Parser` only wraps the request body in a `BoundedIO`\nwhen `CONTENT_LENGTH` is present. When a `multipart/form-data` request\nis sent without a `Content-Length` header, such as with HTTP chunked\ntransfer encoding, multipart parsing continues until end-of-stream\nwith no total size limit.\n\nFor file parts, the uploaded body is written directly to a temporary\nfile on disk rather than being constrained by the buffered in-memory\nupload limit. An unauthenticated attacker can therefore stream an\narbitrarily large multipart file upload and consume unbounded disk space.\n\nThis results in a denial of service condition for Rack applications\nthat accept multipart form data.\n\n## Details\n\n`Rack::Multipart::Parser.parse` applies `BoundedIO` only when\n`content_length` is not `nil`:\n\n```ruby\nio = BoundedIO.new(io, content_length) if content_length\n```\n\nWhen `CONTENT_LENGTH` is absent, the parser reads the multipart body\nuntil EOF without a global byte limit.\n\nAlthough Rack enforces `BUFFERED_UPLOAD_BYTESIZE_LIMIT` for retained\nnon-file parts, file uploads are handled differently. When a multipart\npart includes a filename, the body is streamed to a `Tempfile`, and\nthe retained-size accounting is not applied to that file content.\nAs a result, file parts are not subject to the same upload size bound.\n\nAn attacker can exploit this by sending a chunked `multipart/form-data`\nrequest containing a file part and continuously streaming data without\ndeclaring a `Content-Length`. Rack will continue writing the uploaded\ndata to disk until the client stops or the server exhausts available storage.\n\n## Impact\n\nAny Rack application that accepts `multipart/form-data` uploads may be\naffected if no upstream component enforces a request body size limit.\n\nAn unauthenticated attacker can send a large chunked file upload to\nconsume disk space on the application host. This may cause request\nfailures, application instability, or broader service disruption if\nthe host runs out of available storage.\n\nThe practical impact depends on deployment architecture. Reverse proxies\nor application servers that enforce upload limits may reduce or eliminate\nexploitability, but Rack itself does not impose a total multipart\nupload limit in this code path when `CONTENT_LENGTH` is absent.\n\n## Mitigation\n\n* Update to a patched version of Rack that enforces a total multipart\n  upload size limit even when `CONTENT_LENGTH` is absent.\n* Enforce request body size limits at the reverse proxy or\n  application server.\n* Isolate temporary upload storage and monitor disk consumption\n  for multipart endpoints.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34829","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20434","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34829"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:41:27Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34829.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34829.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34829","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34829"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454488","reference_id":"2454488","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454488"},{"reference_url":"https://github.com/advisories/GHSA-8vqr-qjwx-82mw","reference_id":"GHSA-8vqr-qjwx-82mw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8vqr-qjwx-82mw"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110090?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/110093?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34829","GHSA-8vqr-qjwx-82mw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8ab-9br9-6ybt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44226?format=json","vulnerability_id":"VCID-ebb6-b5tx-5bhf","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44571.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44571.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44571","reference_id":"","reference_type":"","scores":[{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.87087","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.87109","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/releases/tag/v3.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/releases/tag/v3.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44571.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44571.yml"},{"reference_url":"https://www.debian.org/security/2023/dsa-5530","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5530"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832","reference_id":"1029832","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164714","reference_id":"2164714","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164714"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44571","reference_id":"CVE-2022-44571","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44571"},{"reference_url":"https://github.com/advisories/GHSA-93pm-5p5f-3ghx","reference_id":"GHSA-93pm-5p5f-3ghx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-93pm-5p5f-3ghx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"},{"reference_url":"https://usn.ubuntu.com/5910-1/","reference_id":"USN-5910-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5910-1/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63600?format=json","purl":"pkg:gem/rack@3.0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-52qe-dast-tkhu"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-bqpn-m2fh-9kab"},{"vulnerability":"VCID-csrd-u9cz-u7ak"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-heu4-cd3d-73ck"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-p1cf-naeh-bbgx"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"},{"vulnerability":"VCID-y6nj-8y3j-hbfw"},{"vulnerability":"VCID-yq3g-ykeu-pfbp"},{"vulnerability":"VCID-zqax-g5xz-wuch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1"}],"aliases":["CVE-2022-44571","GHSA-93pm-5p5f-3ghx","GMS-2023-65"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ebb6-b5tx-5bhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51526?format=json","vulnerability_id":"VCID-ewfc-rx8b-jfc4","summary":"Rack:: Static header_rules bypass via URL-encoded paths\n## Summary\n\n`Rack::Static#applicable_rules` evaluates several `header_rules`\ntypes against the raw URL-encoded `PATH_INFO`, while the underlying\nfile-serving path is decoded before the file is served. As a result,\na request for a URL-encoded variant of a static path can serve\nthe same file without the headers that `header_rules` were intended to apply.\n\nIn deployments that rely on `Rack::Static` to attach security-relevant\nresponse headers to static content, this can allow an attacker to\nbypass those headers by requesting an encoded form of the path.\n\n## Details\n\n`Rack::Static#applicable_rules` matches rule types such as `:fonts`,\n`Array`, and `Regexp` directly against the incoming `PATH_INFO`. For example:\n\n```ruby\nwhen :fonts\n  /\\.(?:ttf|otf|eot|woff2|woff|svg)\\z/.match?(path)\nwhen Array\n  /\\.(#{rule.join('|')})\\z/.match?(path)\nwhen Regexp\n  rule.match?(path)\n```\n\nThese checks operate on the raw request path. If the request contains\nencoded characters such as `%2E` in place of `.`, the rule may fail\nto match even though the file path is later decoded and served\nsuccessfully by the static file server.\n\nFor example, both of the following requests may resolve to the\nsame file on disk:\n\n```text\n/fonts/test.woff\n/fonts/test%2Ewoff\n```\n\nbut only the unencoded form may receive the headers configured\nthrough `header_rules`.\n\nThis creates a canonicalization mismatch between the path used\nfor header policy decisions and the path ultimately used for file serving.\n\n## Impact\n\nApplications that rely on `Rack::Static` `header_rules` to apply\nsecurity-relevant headers to static files may be affected.\n\nIn affected deployments, an attacker can request an encoded\nvariant of a static file path and receive the same file without\nthe intended headers. Depending on how `header_rules` are used,\nthis may bypass protections such as clickjacking defenses, content\nrestrictions, or other response policies applied to static content.\n\nThe practical impact depends on the configured rules and the types\nof files being served. If `header_rules` are only used for\nnon-security purposes such as caching, the issue may have limited\nsecurity significance.\n\n## Mitigation\n\n* Update to a patched version of Rack that applies `header_rules`\n  to a decoded path consistently with static file resolution.\n* Do not rely solely on `Rack::Static` `header_rules` for\n  security-critical headers where encoded path variants may\n  reach the application.\n* Prefer setting security headers at the reverse proxy or web server\n  layer so they apply consistently to both encoded and unencoded path forms.\n* Normalize or reject encoded path variants for static content\n  at the edge, where feasible.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34786.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34786.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34786","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13782","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34786"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-q4qf-9j86-f5mh","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:37:20Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-q4qf-9j86-f5mh"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34786.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34786.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34786","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34786"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454507","reference_id":"2454507","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454507"},{"reference_url":"https://github.com/advisories/GHSA-q4qf-9j86-f5mh","reference_id":"GHSA-q4qf-9j86-f5mh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q4qf-9j86-f5mh"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110090?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/110093?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34786","GHSA-q4qf-9j86-f5mh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewfc-rx8b-jfc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51536?format=json","vulnerability_id":"VCID-h8af-h199-qqfz","summary":"Rack's multipart byte range processing allows denial of service via excessive overlapping ranges\n## Summary\n\n`Rack::Utils.get_byte_ranges` parses the HTTP `Range` header without\nlimiting the number of individual byte ranges. Although the existing\nfix for CVE-2024-26141 rejects ranges whose total byte coverage\nexceeds the file size, it does not restrict the count of ranges.\nAn attacker can supply many small overlapping ranges such as\n`0-0,0-0,0-0,...` to trigger disproportionate CPU, memory, I/O,\nand bandwidth consumption per request.\n\nThis results in a denial of service condition in Rack file-serving\npaths that process multipart byte range responses.\n\n## Details\n\n`Rack::Utils.get_byte_ranges` accepts a comma-separated list of byte\nranges and validates them based on their aggregate size, but does\nnot impose a limit on how many individual ranges may be supplied.\n\nAs a result, a request such as:\n\n```http\nRange: bytes=0-0,0-0,0-0,0-0,...\n```\n\ncan contain thousands of overlapping one-byte ranges while still\nsatisfying the total-size check added for CVE-2024-26141.\n\nWhen such a header is processed by Rack’s file-serving code, each\nrange causes additional work, including multipart response generation,\nper-range iteration, file seek and read operations, and temporary\nstring allocation for response size calculation and output. This\nallows a relatively small request header to trigger disproportionately\nexpensive processing and a much larger multipart response.\n\nThe issue is distinct from CVE-2024-26141. That fix prevents range\nsets whose total byte coverage exceeds the file size, but does not\nprevent a large number of overlapping ranges whose summed size\nremains within that limit.\n\n## Impact\n\nApplications that expose file-serving paths with byte range support\nmay be vulnerable to denial of service.\n\nAn unauthenticated attacker can send crafted `Range` headers containing\nmany small overlapping ranges to consume excessive CPU time, memory,\nfile I/O, and bandwidth. Repeated requests may reduce application\navailability and increase pressure on workers and garbage collection.\n\n## Mitigation\n\n* Update to a patched version of Rack that limits the number\n  of accepted byte ranges.\n* Reject or normalize multipart byte range requests containing\n  excessive range counts.\n* Consider disabling multipart range support where it is not required.\n* Apply request filtering or header restrictions at the reverse\n  proxy or application boundary to limit abusive `Range` headers.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34826.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34826.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34826","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05934","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34826"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34826","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34826"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-x8cg-fq8g-mxfx","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:42:34Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-x8cg-fq8g-mxfx"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34826.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34826.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34826","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34826"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454508","reference_id":"2454508","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454508"},{"reference_url":"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx","reference_id":"GHSA-x8cg-fq8g-mxfx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110090?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/110093?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34826","GHSA-x8cg-fq8g-mxfx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h8af-h199-qqfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47156?format=json","vulnerability_id":"VCID-heu4-cd3d-73ck","summary":"Rack has possible DoS Vulnerability with Range Header\n# Possible DoS Vulnerability with Range Header in Rack\n\nThere is a possible DoS vulnerability relating to the Range request header in\nRack.  This vulnerability has been assigned the CVE identifier CVE-2024-26141.\n\nVersions Affected:  >= 1.3.0.\nNot affected:       < 1.3.0\nFixed Versions:     3.0.9.1, 2.2.8.1\n\nImpact\n------\nCarefully crafted Range headers can cause a server to respond with an\nunexpectedly large response. Responding with such large responses could lead\nto a denial of service issue.\n\nVulnerable applications will use the `Rack::File` middleware or the\n`Rack::Utils.byte_ranges` methods (this includes Rails applications).\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 3-0-range.patch - Patch for 3.0 series\n* 2-2-range.patch - Patch for 2.2 series\n\nCredits\n-------\n\nThank you [ooooooo_q](https://hackerone.com/ooooooo_q) for the report and\npatch","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26141.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26141.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26141","reference_id":"","reference_type":"","scores":[{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.61714","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146"},{"reference_url":"https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/"}],"url":"https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/"}],"url":"https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9"},{"reference_url":"https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/"}],"url":"https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516","reference_id":"1064516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265594","reference_id":"2265594","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265594"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26141","reference_id":"CVE-2024-26141","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26141"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml","reference_id":"CVE-2024-26141.YML","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/"}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml"},{"reference_url":"https://github.com/advisories/GHSA-xj5v-6v4g-jfw6","reference_id":"GHSA-xj5v-6v4g-jfw6","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xj5v-6v4g-jfw6"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6","reference_id":"GHSA-xj5v-6v4g-jfw6","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0007/","reference_id":"ntap-20240510-0007","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240510-0007/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10806","reference_id":"RHSA-2024:10806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1841","reference_id":"RHSA-2024:1841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1846","reference_id":"RHSA-2024:1846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2007","reference_id":"RHSA-2024:2007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2113","reference_id":"RHSA-2024:2113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2581","reference_id":"RHSA-2024:2581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2584","reference_id":"RHSA-2024:2584","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2584"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2953","reference_id":"RHSA-2024:2953","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3431","reference_id":"RHSA-2024:3431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3431"},{"reference_url":"https://usn.ubuntu.com/6689-1/","reference_id":"USN-6689-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6689-1/"},{"reference_url":"https://usn.ubuntu.com/6837-1/","reference_id":"USN-6837-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-1/"},{"reference_url":"https://usn.ubuntu.com/6837-2/","reference_id":"USN-6837-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-2/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69188?format=json","purl":"pkg:gem/rack@3.0.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-csrd-u9cz-u7ak"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-p1cf-naeh-bbgx"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"},{"vulnerability":"VCID-y6nj-8y3j-hbfw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1"}],"aliases":["CVE-2024-26141","GHSA-xj5v-6v4g-jfw6"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-heu4-cd3d-73ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51549?format=json","vulnerability_id":"VCID-hpw3-uw3x-mqgq","summary":"Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters\n## Summary\n\n`Rack::Multipart::Parser#handle_mime_head` parses quoted multipart\nparameters such as `Content-Disposition: form-data; name=\"...\"`\nusing repeated `String#index` searches combined with `String#slice!`\nprefix deletion. For escape-heavy quoted values, this causes\nsuper-linear processing.\n\nAn unauthenticated attacker can send a crafted `multipart/form-data`\nrequest containing many parts with long backslash-escaped parameter\nvalues to trigger excessive CPU usage during multipart parsing.\n\nThis results in a denial of service condition in Rack applications\nthat accept multipart form data.\n\n## Details\n\n`Rack::Multipart::Parser#handle_mime_head` parses quoted parameter\nvalues by repeatedly:\n\n1. Searching for the next quote or backslash,\n2. Copying the preceding substring into a new buffer, and\n3. Removing the processed prefix from the original string with `slice!`.\n\nAn attacker can exploit this by sending a multipart request with many\nparts whose `name` parameters contain long escape-heavy values such as:\n\n```text\nname=\"a\\\\a\\\\a\\\\a\\\\a\\\\...\"\n```\n\nUnder default Rack limits, a request can contain up to 4095 parts. If\nmany of those parts use long quoted values with dense escape characters,\nthe parser performs disproportionately expensive CPU work while\nremaining within normal request size and part-count limits.\n\n## Impact\n\nAny Rack application that accepts `multipart/form-data` requests may be\naffected, including file upload endpoints and standard HTML form handlers.\n\nAn unauthenticated attacker can send crafted multipart requests that\nconsume excessive CPU time during request parsing. Repeated requests\ncan tie up application workers, reduce throughput, and degrade or\ndeny service availability.\n\n## Mitigation\n\n* Update to a patched version of Rack that parses quoted multipart\n  parameters without repeated rescanning and destructive prefix deletion.\n* Apply request throttling or rate limiting to multipart upload endpoints.\n* Where operationally feasible, restrict or isolate multipart parsing\n  on untrusted high-volume endpoints.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34827.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34827.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34827","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0645","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34827"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-v6x5-cg8r-vv6x","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:42:04Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-v6x5-cg8r-vv6x"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34827.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34827.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34827","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34827"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454501","reference_id":"2454501","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454501"},{"reference_url":"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x","reference_id":"GHSA-v6x5-cg8r-vv6x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110090?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/110093?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34827","GHSA-v6x5-cg8r-vv6x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpw3-uw3x-mqgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47962?format=json","vulnerability_id":"VCID-k8fr-zuyx-yyhg","summary":"Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\n`Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61772","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55735","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/"}],"url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"},{"reference_url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/"}],"url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"},{"reference_url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/"}],"url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627","reference_id":"1117627","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402200","reference_id":"2402200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402200"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61772","reference_id":"CVE-2025-61772","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61772"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml","reference_id":"CVE-2025-61772.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml"},{"reference_url":"https://github.com/advisories/GHSA-wpv5-97wm-hp9c","reference_id":"GHSA-wpv5-97wm-hp9c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wpv5-97wm-hp9c"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c","reference_id":"GHSA-wpv5-97wm-hp9c","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19733","reference_id":"RHSA-2025:19733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19736","reference_id":"RHSA-2025:19736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70750?format=json","purl":"pkg:gem/rack@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/70751?format=json","purl":"pkg:gem/rack@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-gnc7-wp69-h7ag"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2"}],"aliases":["CVE-2025-61772","GHSA-wpv5-97wm-hp9c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8fr-zuyx-yyhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44225?format=json","vulnerability_id":"VCID-mgx9-9bua-37f3","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44570.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44570.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44570","reference_id":"","reference_type":"","scores":[{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.87087","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.87109","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/releases/tag/v3.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/releases/tag/v3.0.4.1"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231208-0010","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231208-0010"},{"reference_url":"https://www.debian.org/security/2023/dsa-5530","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5530"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832","reference_id":"1029832","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164719","reference_id":"2164719","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164719"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44570","reference_id":"CVE-2022-44570","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44570"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44570.yml","reference_id":"CVE-2022-44570.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44570.yml"},{"reference_url":"https://github.com/advisories/GHSA-65f5-mfpf-vfhj","reference_id":"GHSA-65f5-mfpf-vfhj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-65f5-mfpf-vfhj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"},{"reference_url":"https://usn.ubuntu.com/5910-1/","reference_id":"USN-5910-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5910-1/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63600?format=json","purl":"pkg:gem/rack@3.0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-52qe-dast-tkhu"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-bqpn-m2fh-9kab"},{"vulnerability":"VCID-csrd-u9cz-u7ak"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-heu4-cd3d-73ck"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-p1cf-naeh-bbgx"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"},{"vulnerability":"VCID-y6nj-8y3j-hbfw"},{"vulnerability":"VCID-yq3g-ykeu-pfbp"},{"vulnerability":"VCID-zqax-g5xz-wuch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1"}],"aliases":["CVE-2022-44570","GHSA-65f5-mfpf-vfhj","GMS-2023-64"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mgx9-9bua-37f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51547?format=json","vulnerability_id":"VCID-p1cf-naeh-bbgx","summary":"Rack has an Unbounded-Parameter DoS in Rack::QueryParser\n## Summary\n\n`Rack::QueryParser` parses query strings and\n`application/x-www-form-urlencoded` bodies into Ruby data structures\nwithout imposing any limit on the number of parameters, allowing\nattackers to send requests with extremely large numbers of parameters.\n\n## Details\n\nThe vulnerability arises because `Rack::QueryParser` iterates over\neach `&`-separated key-value pair and adds it to a Hash without\nenforcing an upper bound on the total number of parameters. This\nallows an attacker to send a single request containing hundreds of\nthousands (or more) of parameters, which consumes excessive memory\nand CPU during parsing.\n\n## Impact\n\nAn attacker can trigger denial of service by sending specifically\ncrafted HTTP requests, which can cause memory exhaustion or pin CPU\nresources, stalling or crashing the Rack server. This results in\nfull service disruption until the affected worker is restarted.\n\n## Mitigation\n\n- Update to a version of Rack that limits the number of parameters parsed, or\n- Use middleware to enforce a maximum query string size or parameter count, or\n- Employ a reverse proxy (such as Nginx) to limit request sizes and\n  reject oversized query strings or bodies.\n\nLimiting request body sizes and query string lengths at the web\nserver or CDN level is an effective mitigation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46727","reference_id":"","reference_type":"","scores":[{"value":"0.00808","scoring_system":"epss","scoring_elements":"0.74592","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46727"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/"}],"url":"https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712"},{"reference_url":"https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/"}],"url":"https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3"},{"reference_url":"https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/"}],"url":"https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927","reference_id":"1104927","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2364966","reference_id":"2364966","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2364966"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46727","reference_id":"CVE-2025-46727","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46727"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml","reference_id":"CVE-2025-46727.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml"},{"reference_url":"https://github.com/advisories/GHSA-gjh7-p2fx-99vx","reference_id":"GHSA-gjh7-p2fx-99vx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gjh7-p2fx-99vx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7604","reference_id":"RHSA-2025:7604","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7604"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7605","reference_id":"RHSA-2025:7605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8254","reference_id":"RHSA-2025:8254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8256","reference_id":"RHSA-2025:8256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8279","reference_id":"RHSA-2025:8279","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8279"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8288","reference_id":"RHSA-2025:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8289","reference_id":"RHSA-2025:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8290","reference_id":"RHSA-2025:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8291","reference_id":"RHSA-2025:8291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8291"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8319","reference_id":"RHSA-2025:8319","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8319"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8322","reference_id":"RHSA-2025:8322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8323","reference_id":"RHSA-2025:8323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9838","reference_id":"RHSA-2025:9838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9838"},{"reference_url":"https://usn.ubuntu.com/7507-1/","reference_id":"USN-7507-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7507-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85082?format=json","purl":"pkg:gem/rack@3.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/85083?format=json","purl":"pkg:gem/rack@3.1.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.14"}],"aliases":["CVE-2025-46727","GHSA-gjh7-p2fx-99vx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p1cf-naeh-bbgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51538?format=json","vulnerability_id":"VCID-p3dy-qbad-q3ab","summary":"Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory\n## Summary\n\n`Rack::Directory` interpolates the configured `root` path directly\ninto a regular expression when deriving the displayed directory path.\nIf `root` contains regex metacharacters such as `+`, `*`, or `.`,\nthe prefix stripping can fail and the generated directory listing\nmay expose the full filesystem path in the HTML output.\n\n## Details\n\n`Rack::Directory::DirectoryBody#each` computes the visible path\nusing code equivalent to:\n\n```ruby\nshow_path = Utils.escape_html(path.sub(/\\A#{root}/, ''))\n```\n\nHere, `root` is a developer-configured filesystem path. It is\nnormalized earlier with `File.expand_path(root)` and then inserted\ndirectly into a regular expression without escaping.\n\nBecause the value is treated as regex syntax rather than as a\nliteral string, metacharacters in the configured path can change\nhow the prefix match behaves. When that happens, the expected root\nprefix is not removed from `path`, and the absolute filesystem path\nis rendered into the HTML directory listing.\n\n## Impact\n\nIf `Rack::Directory` is configured to serve a directory whose\nabsolute path contains regex metacharacters, the generated directory\nlisting may disclose the full server filesystem path instead of\nonly the request-relative path.\n\nThis can expose internal deployment details such as directory\nlayout, usernames, mount points, or naming conventions that would\notherwise not be visible to clients.\n\n## Mitigation\n\n* Update to a patched version of Rack in which the root prefix\n  is removed using an escaped regular expression.\n* Avoid using `Rack::Directory` with a root path that contains\n  regular expression metacharacters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34763.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34763.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34763","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12996","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34763"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:41:04Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34763.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34763.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34763","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34763"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454498","reference_id":"2454498","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454498"},{"reference_url":"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp","reference_id":"GHSA-7mqq-6cf9-v2qp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110090?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/110093?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34763","GHSA-7mqq-6cf9-v2qp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p3dy-qbad-q3ab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51541?format=json","vulnerability_id":"VCID-pydr-47y4-y3fu","summary":"Rack - Forwarded Header semicolon injection enables Host and Scheme spoofing\n## Summary\n\n`Rack::Utils.forwarded_values` parses the RFC 7239 `Forwarded` header\nby splitting on semicolons before handling quoted-string values.\nBecause quoted values may legally contain semicolons, a header such as:\n\n```http\nForwarded: for=\"127.0.0.1;host=evil.com;proto=https\"\n```\n\ncan be interpreted by Rack as multiple `Forwarded` directives rather\nthan as a single quoted `for` value.\n\nIn deployments where an upstream proxy, WAF, or intermediary validates\nor preserves quoted `Forwarded` values differently, this discrepancy\ncan allow an attacker to smuggle `host`, `proto`, `for`, or `by`\nparameters through a single header value.\n\n## Details\n\n`Rack::Utils.forwarded_values` processes the header using logic\nequivalent to:\n\n```ruby\nforwarded_header.split(';').each_with_object({}) do |field, values|\n  field.split(',').each do |pair|\n    pair = pair.split('=').map(&:strip).join('=')\n    return nil unless pair =~ /\\A(by|for|host|proto)=\"?([^\"]+)\"?\\Z/i\n    (values[$1.downcase.to_sym] ||= []) << $2\n  end\nend\n```\n\nThe method splits on `;` before it parses individual `name=value`\npairs. This is inconsistent with RFC 7239, which permits quoted-string\nvalues, and quoted strings may contain semicolons as literal content.\n\nAs a result, a header value such as:\n\n```http\nForwarded: for=\"127.0.0.1;host=evil.com;proto=https\"\n```\n\nis not treated as a single `for` value. Instead, Rack may interpret\nit as if the client had supplied separate `for`, `host`, and `proto`\ndirectives.\n\nThis creates an interpretation conflict when another component in\nfront of Rack treats the quoted value as valid literal content,\nwhile Rack reparses it as multiple forwarding parameters.\n\n## Impact\n\nApplications that rely on `Forwarded` to derive request metadata\nmay observe attacker-controlled values for `host`, `proto`, `for`,\nor related URL components.\n\nIn affected deployments, this can lead to host or scheme spoofing\nin derived values such as `req.host`, `req.scheme`, `req.base_url`,\nor `req.url`. Applications that use those values for password reset\nlinks, redirects, absolute URL generation, logging, IP-based\ndecisions, or backend requests may be vulnerable to downstream\nsecurity impact.\n\nThe practical security impact depends on deployment architecture.\nIf clients can already supply arbitrary trusted `Forwarded`\nparameters directly, this bug may not add meaningful attacker\ncapability. The issue is most relevant where an upstream component\nand Rack interpret the same `Forwarded` header differently.\n\n## Mitigation\n\n* Update to a patched version of Rack that parses `Forwarded`\n  quoted-string values before splitting on parameter delimiters.\n* Avoid trusting client-supplied `Forwarded` headers unless they\n  are normalized or regenerated by a trusted reverse proxy.\n* Prefer stripping inbound `Forwarded` headers at the edge and\n  reconstructing them from trusted proxy metadata.\n* Avoid using `req.host`, `req.scheme`, `req.base_url`, or\n  `req.url` for security-sensitive operations unless the forwarding\n  chain is explicitly trusted and validated.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32762.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32762.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32762","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15457","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32762"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-qfgr-crr9-7r49","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:42:32Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-qfgr-crr9-7r49"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-32762.yml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-32762.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32762","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32762"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454489","reference_id":"2454489","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454489"},{"reference_url":"https://github.com/advisories/GHSA-qfgr-crr9-7r49","reference_id":"GHSA-qfgr-crr9-7r49","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qfgr-crr9-7r49"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110090?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/110093?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-32762","GHSA-qfgr-crr9-7r49"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pydr-47y4-y3fu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51530?format=json","vulnerability_id":"VCID-r1hk-cy5k-9kad","summary":"Rack has Content-Length mismatch in Rack::Files error responses\n## Summary\n\n`Rack::Files#fail` sets the `Content-Length` response header using\n`String#size` instead of `String#bytesize`. When the response body\ncontains multibyte UTF-8 characters, the declared `Content-Length`\nis smaller than the number of bytes actually sent on the wire.\n\nBecause `Rack::Files` reflects the requested path in 404 responses,\nan attacker can trigger this mismatch by requesting a non-existent\npath containing percent-encoded UTF-8 characters.\n\nThis results in incorrect HTTP response framing and may cause\nresponse desynchronization in deployments that rely on the\nincorrect `Content-Length` value.\n\n## Details\n\n`Rack::Files#fail` constructs error responses using logic equivalent to:\n\n```ruby\ndef fail(status, body, headers = {})\n  body += \"\n\"\n  [\n    status,\n    {\n      \"content-type\" => \"text/plain\",\n      \"content-length\" => body.size.to_s,\n      \"x-cascade\" => \"pass\"\n    }.merge!(headers),\n    [body]\n  ]\nend\n```\n\nHere, `body.size` returns the number of characters, not the number\nof bytes. For multibyte UTF-8 strings, this produces an incorrect\n`Content-Length` value.\n\n`Rack::Files` includes the decoded request path in 404 responses.\nA request containing percent-encoded UTF-8 path components therefore\ncauses the response body to contain multibyte characters, while\nthe `Content-Length` header still reflects character count rather\nthan byte count.\n\nAs a result, the server can send more bytes than declared in\nthe response headers.\n\nThis violates HTTP message framing requirements, which define\n`Content-Length` as the number of octets in the message body.\n\n## Impact\n\nApplications using `Rack::Files` may emit incorrectly framed error\nresponses when handling requests for non-existent paths containing\nmultibyte characters.\n\nIn some deployment topologies, particularly with keep-alive connections\nand intermediaries that rely on `Content-Length`, this mismatch\nmay lead to response parsing inconsistencies or response\ndesynchronization. The practical exploitability depends on the\nbehavior of downstream proxies, clients, and connection reuse.\n\nEven where no secondary exploitation is possible, the response is\nmalformed and may trigger protocol errors in strict components.\n\n## Mitigation\n\n* Update to a patched version of Rack that computes `Content-Length`\n  using `String#bytesize`.\n* Avoid exposing `Rack::Files` directly to untrusted traffic until\n  a fix is available, if operationally feasible.\n* Where possible, place Rack behind a proxy or server that normalizes\n  or rejects malformed backend responses.\n* Prefer closing backend connections on error paths if response\n  framing anomalies are a concern.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34831.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34831.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34831","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12996","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34831"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-q2ww-5357-x388","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:43:52Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-q2ww-5357-x388"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34831.yml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34831.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34831","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34831"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454504","reference_id":"2454504","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454504"},{"reference_url":"https://github.com/advisories/GHSA-q2ww-5357-x388","reference_id":"GHSA-q2ww-5357-x388","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q2ww-5357-x388"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110090?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/110093?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34831","GHSA-q2ww-5357-x388"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r1hk-cy5k-9kad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51540?format=json","vulnerability_id":"VCID-tc69-2tad-43cv","summary":"Rack::Static prefix matching can expose unintended files under the static root\n## Summary\n\n`Rack::Static` determines whether a request should be served as a\nstatic file using a simple string prefix check. When configured\nwith URL prefixes such as `\"/css\"`, it matches any request path\nthat begins with that string, including unrelated paths such as\n`\"/css-config.env\"` or `\"/css-backup.sql\"`.\n\nAs a result, files under the static root whose names merely share\nthe configured prefix may be served unintentionally, leading to\ninformation disclosure.\n\n## Details\n\n`Rack::Static#route_file` performs static-route matching using\nlogic equivalent to:\n\n```ruby\n@urls.any? { |url| path.index(url) == 0 }\n```\n\nThis checks only whether the request path starts with the configured\nprefix string. It does not require a path segment boundary after the prefix.\n\nFor example, with:\n\n```ruby\nuse Rack::Static, urls: [\"/css\", \"/js\"], root: \"public\"\n```\n\nthe following path is matched as intended:\n\n```text\n/css/style.css\n```\n\nbut these paths are also matched:\n\n```text\n/css-config.env\n/css-backup.sql\n/csssecrets.yml\n```\n\nIf such files exist under the configured static root, Rack forwards\nthe request to the file server and serves them as static content.\n\nThis means a configuration intended to expose only directory trees\nsuch as `/css/...` and `/js/...` may also expose sibling files\nwhose names begin with those same strings.\n\n## Impact\n\nAn attacker can request files under the configured static root whose\nnames share a configured URL prefix and obtain their contents.\n\nIn affected deployments, this may expose configuration files,\nsecrets, backups, environment files, or other unintended static\ncontent located under the same root directory.\n\n## Mitigation\n\n* Update to a patched version of Rack that enforces a path boundary\n  when matching configured static URL prefixes.\n* Match only paths that are either exactly equal to the configured\n  prefix or begin with `prefix + \"/\"`.\n* Avoid placing sensitive files under the `Rack::Static` root directory.\n* Prefer static URL mappings that cannot overlap with sensitive filenames.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34785","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14841","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34785"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:58:57Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34785.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34785.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34785","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34785"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454486","reference_id":"2454486","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454486"},{"reference_url":"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq","reference_id":"GHSA-h2jq-g4cq-5ppq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110090?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/110093?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34785","GHSA-h2jq-g4cq-5ppq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tc69-2tad-43cv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51545?format=json","vulnerability_id":"VCID-u1u4-7b3v-fue7","summary":"Rack::Request accepts invalid Host characters, enabling host allowlist bypass\n## Summary\n\n`Rack::Request` parses the `Host` header using an `AUTHORITY` regular\nexpression that accepts characters not permitted in RFC-compliant\nhostnames, including `/`, `?`, `#`, and `@`. Because `req.host`\nreturns the full parsed value, applications that validate hosts\nusing naive prefix or suffix checks can be bypassed.\n\nFor example, a check such as `req.host.start_with?(\"myapp.com\")` can\nbe bypassed with `Host: myapp.com@evil.com`, and a check such as\n`req.host.end_with?(\"myapp.com\")` can be bypassed with\n`Host: evil.com/myapp.com`.\n\nThis can lead to host header poisoning in applications that use\n`req.host`, `req.url`, or `req.base_url` for link generation,\nredirects, or origin validation.\n\n## Details\n\n`Rack::Request` parses the authority component using logic equivalent to:\n\n```ruby\nAUTHORITY = /\n  \\A\n  (?<host>\n    \\[(?<address>#{ipv6})\\]\n    |\n    (?<address>[[[:graph:]&&[^\\[\\]]]]*?)\n  )\n  (:(?<port>\\d+))?\n  \\z\n/x\n```\n\nThe character class used for non-IPv6 hosts accepts nearly all\nprintable characters except `[` and `]`. This includes reserved\nURI delimiters such as `@`, `/`, `?`, and `#`, which are not\nvalid hostname characters under RFC 3986 host syntax.\n\nAs a result, values such as the following are accepted and returned\nthrough `req.host`:\n\n```text\nmyapp.com@evil.com\nevil.com/myapp.com\nevil.com#myapp.com\n```\n\nApplications that attempt to allowlist hosts using string prefix or\nsuffix checks may therefore treat attacker-controlled hosts as\ntrusted. For example:\n\n```ruby\nreq.host.start_with?(\"myapp.com\")\n```\n\naccepts:\n\n```text\nmyapp.com@evil.com\n```\n\nand:\n\n```ruby\nreq.host.end_with?(\"myapp.com\")\n```\n\naccepts:\n\n```text\nevil.com/myapp.com\n```\n\nWhen those values are later used to build absolute URLs or enforce\norigin restrictions, the application may produce attacker-controlled\nresults.\n\n## Impact\n\nApplications that rely on `req.host`, `req.url`, or `req.base_url`\nmay be affected if they perform naive host validation or assume\nRack only returns RFC-valid hostnames.\n\nIn affected deployments, an attacker may be able to bypass host\nallowlists and poison generated links, redirects, or origin-dependent\nsecurity decisions. This can enable attacks such as password reset\nlink poisoning or other host header injection issues.\n\nThe practical impact depends on application behavior. If the\napplication or reverse proxy already enforces strict host validation,\nexploitability may be reduced or eliminated.\n\n## Mitigation\n\n* Update to a patched version of Rack that rejects invalid\n  authority characters in `Host`.\n* Enforce strict `Host` header validation at the reverse proxy\n  or load balancer.\n* Do not rely on prefix or suffix string checks such as\n  `start_with?` or `end_with?` for host allowlisting.\n* Use exact host allowlists, or exact subdomain boundary checks,\n  after validating that the host is syntactically valid.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34835.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34835.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34835","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35637","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34835"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-g2pf-xv49-m2h5","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:43:54Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-g2pf-xv49-m2h5"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34835.yml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34835.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34835","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34835"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454482","reference_id":"2454482","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454482"},{"reference_url":"https://github.com/advisories/GHSA-g2pf-xv49-m2h5","reference_id":"GHSA-g2pf-xv49-m2h5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g2pf-xv49-m2h5"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110090?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/110093?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34835","GHSA-g2pf-xv49-m2h5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u1u4-7b3v-fue7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51534?format=json","vulnerability_id":"VCID-uh69-24kx-xucy","summary":"Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect\n## Summary\n\n`Rack::Sendfile#map_accel_path` interpolates the value of the\n`X-Accel-Mapping` request header directly into a regular expression\nwhen rewriting file paths for `X-Accel-Redirect`. Because the header\nvalue is not escaped, an attacker who can supply `X-Accel-Mapping`\nto the backend can inject regex metacharacters and control the\ngenerated `X-Accel-Redirect` response header.\n\nIn deployments using `Rack::Sendfile` with `x-accel-redirect`, this\ncan allow an attacker to cause nginx to serve unintended files\nfrom configured internal locations.\n\n## Details\n\n`Rack::Sendfile#map_accel_path` processes header-supplied mappings\nusing logic equivalent to:\n\n```ruby\nmapping.split(',').map(&:strip).each do |m|\n  internal, external = m.split('=', 2).map(&:strip)\n  new_path = path.sub(/\\A#{internal}/i, external)\n  return new_path unless path == new_path\nend\n```\n\nHere, `internal` comes from the `HTTP_X_ACCEL_MAPPING` request header\nand is inserted directly into a regular expression without escaping.\nThis gives the header value regex semantics rather than treating\nit as a literal prefix.\n\nAs a result, an attacker can supply metacharacters such as `.*`\nor capture groups to alter how the path substitution is performed.\nFor example, a mapping such as:\n\n```http\nX-Accel-Mapping: .*=/protected/secret.txt\n```\n\ncauses the entire source path to match and rewrites the redirect\ntarget to a clean attacker-chosen internal path.\n\nThis differs from the documented behavior of the header-based\nmapping path, which is described as a simple substitution. While\napplication-supplied mappings may intentionally support regular\nexpressions, header-supplied mappings should be treated as\nliteral path prefixes.\n\nThe issue is only exploitable when untrusted `X-Accel-Mapping`\nheaders can reach Rack. One realistic case is a reverse proxy\nconfiguration that intends to set `X-Accel-Mapping` itself, but\nfails to do so on some routes, allowing a client-supplied header\nto pass through unchanged.\n\n## Impact\n\nApplications using `Rack::Sendfile` with `x-accel-redirect` may\nbe affected if the backend accepts attacker-controlled\n`X-Accel-Mapping` headers.\n\nIn affected deployments, an attacker may be able to control the\n`X-Accel-Redirect` response header and cause nginx to serve files\nfrom internal locations that were not intended to be reachable\nthrough the application. This can lead to unauthorized file disclosure.\n\nThe practical impact depends on deployment architecture. If the\nproxy always strips or overwrites `X-Accel-Mapping`, or if the\napplication uses explicit configured mappings instead of the\nrequest header, exploitability may be eliminated.\n\n## Mitigation\n\n* Update to a patched version of Rack that treats header-supplied\n  `X-Accel-Mapping` values as literal strings rather than regular expressions.\n* Strip or overwrite inbound `X-Accel-Mapping` headers at the\n  reverse proxy so client-supplied values never reach Rack.\n* Prefer explicit application-configured sendfile mappings\n  instead of relying on request-header mappings.\n* Review proxy sub-locations and inherited header settings to\n  ensure `X-Accel-Mapping` is consistently set on all backend routes.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34830","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14841","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34830"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:59:36Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34830.yml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34830.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34830","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34830"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454510","reference_id":"2454510","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454510"},{"reference_url":"https://github.com/advisories/GHSA-qv7j-4883-hwh7","reference_id":"GHSA-qv7j-4883-hwh7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qv7j-4883-hwh7"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110090?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/110093?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34830","GHSA-qv7j-4883-hwh7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uh69-24kx-xucy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51532?format=json","vulnerability_id":"VCID-vk15-7qdb-xkh9","summary":"Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection\n## Summary\n\n`Rack::Sendfile` can be exploited by crafting input that\nincludes newline characters to manipulate log entries.\n\n## Details\n\nThe `Rack::Sendfile` middleware logs unsanitized header values from\nthe `X-Sendfile-Type` header. An attacker can exploit this by\ninjecting escape sequences (such as newline characters) into the\nheader, resulting in log injection.\n\n## Impact\n\nThis vulnerability can distort log files, obscure\nattack traces, and complicate security auditing.\n\n## Mitigation\n\n- Update to the latest version of Rack, or\n- Remove usage of `Rack::Sendfile`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27111.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27111","reference_id":"","reference_type":"","scores":[{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71705","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27111"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/"}],"url":"https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53"},{"reference_url":"https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/"}],"url":"https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b"},{"reference_url":"https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/"}],"url":"https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099546","reference_id":"1099546","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099546"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2349810","reference_id":"2349810","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2349810"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27111","reference_id":"CVE-2025-27111","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27111"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml","reference_id":"CVE-2025-27111.YML","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml"},{"reference_url":"https://github.com/advisories/GHSA-8cgq-6mh2-7j6v","reference_id":"GHSA-8cgq-6mh2-7j6v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8cgq-6mh2-7j6v"},{"reference_url":"https://usn.ubuntu.com/7366-1/","reference_id":"USN-7366-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7366-1/"},{"reference_url":"https://usn.ubuntu.com/7366-2/","reference_id":"USN-7366-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7366-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84223?format=json","purl":"pkg:gem/rack@3.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-csrd-u9cz-u7ak"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-p1cf-naeh-bbgx"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/84224?format=json","purl":"pkg:gem/rack@3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-csrd-u9cz-u7ak"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-p1cf-naeh-bbgx"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.11"}],"aliases":["CVE-2025-27111","GHSA-8cgq-6mh2-7j6v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vk15-7qdb-xkh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50157?format=json","vulnerability_id":"VCID-x373-rhh4-7khm","summary":"Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href\n`Rack::Directory` generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename begins with the `javascript:` scheme (e.g. `javascript:alert(1)`), the generated index includes an anchor whose `href` attribute is exactly `javascript:alert(1)`. Clicking this entry executes arbitrary JavaScript in the context of the hosting application.\n\nThis results in a client-side XSS condition in directory listings generated by `Rack::Directory`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25500.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25500.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25500","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07448","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25500"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:42:04Z/"}],"url":"https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128480","reference_id":"1128480","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128480"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440738","reference_id":"2440738","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440738"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25500","reference_id":"CVE-2026-25500","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25500"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml","reference_id":"CVE-2026-25500.YML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml"},{"reference_url":"https://github.com/advisories/GHSA-whrj-4476-wvmp","reference_id":"GHSA-whrj-4476-wvmp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-whrj-4476-wvmp"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp","reference_id":"GHSA-whrj-4476-wvmp","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:42:04Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp"},{"reference_url":"https://usn.ubuntu.com/8066-1/","reference_id":"USN-8066-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8066-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74065?format=json","purl":"pkg:gem/rack@3.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/74066?format=json","purl":"pkg:gem/rack@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-gnc7-wp69-h7ag"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.5"}],"aliases":["CVE-2026-25500","GHSA-whrj-4476-wvmp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x373-rhh4-7khm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47963?format=json","vulnerability_id":"VCID-xpa3-1n87-8ucv","summary":"Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)\n`Rack::Multipart::Parser` buffers the entire multipart **preamble** (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61770","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50306","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/"}],"url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"},{"reference_url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/"}],"url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"},{"reference_url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/"}],"url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627","reference_id":"1117627","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402174","reference_id":"2402174","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402174"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61770","reference_id":"CVE-2025-61770","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61770"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml","reference_id":"CVE-2025-61770.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml"},{"reference_url":"https://github.com/advisories/GHSA-p543-xpfm-54cp","reference_id":"GHSA-p543-xpfm-54cp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p543-xpfm-54cp"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp","reference_id":"GHSA-p543-xpfm-54cp","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19733","reference_id":"RHSA-2025:19733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19736","reference_id":"RHSA-2025:19736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21696","reference_id":"RHSA-2025:21696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21696"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70750?format=json","purl":"pkg:gem/rack@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/70751?format=json","purl":"pkg:gem/rack@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-gnc7-wp69-h7ag"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-x373-rhh4-7khm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2"}],"aliases":["CVE-2025-61770","GHSA-p543-xpfm-54cp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xpa3-1n87-8ucv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51528?format=json","vulnerability_id":"VCID-y6nj-8y3j-hbfw","summary":"Possible Log Injection in Rack::CommonLogger\n## Summary\n\n`Rack::CommonLogger` can be exploited by crafting input that includes\nnewline characters to manipulate log entries. The supplied\nproof-of-concept demonstrates injecting malicious content into logs.\n\n## Details\n\nWhen a user provides the authorization credentials via\n`Rack::Auth::Basic`, if success, the username will be put in\n`env['REMOTE_USER']` and later be used by `Rack::CommonLogger`\nfor logging purposes.\n\nThe issue occurs when a server intentionally or unintentionally\nallows a user creation with the username contain CRLF and white\nspace characters, or the server just want to log every login\nattempts. If an attacker enters a username with CRLF character,\nthe logger will log the malicious username with CRLF characters\ninto the logfile.\n\n## Impact\n\nAttackers can break log formats or insert fraudulent entries,\npotentially obscuring real activity or injecting malicious data\ninto log files.\n\n## Mitigation\n\n- Update to the latest version of Rack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25184.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25184.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25184","reference_id":"","reference_type":"","scores":[{"value":"0.01039","scoring_system":"epss","scoring_elements":"0.77786","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25184"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25184","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25184"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:09:07Z/"}],"url":"https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:09:07Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098257","reference_id":"1098257","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098257"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345301","reference_id":"2345301","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345301"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-25184","reference_id":"CVE-2025-25184","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-25184"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-25184.yml","reference_id":"CVE-2025-25184.YML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-25184.yml"},{"reference_url":"https://github.com/advisories/GHSA-7g2v-jj9q-g3rg","reference_id":"GHSA-7g2v-jj9q-g3rg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7g2v-jj9q-g3rg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1985","reference_id":"RHSA-2025:1985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1985"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7085","reference_id":"RHSA-2025:7085","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7085"},{"reference_url":"https://usn.ubuntu.com/7366-1/","reference_id":"USN-7366-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7366-1/"},{"reference_url":"https://usn.ubuntu.com/7366-2/","reference_id":"USN-7366-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7366-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84106?format=json","purl":"pkg:gem/rack@3.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-csrd-u9cz-u7ak"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-p1cf-naeh-bbgx"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/84107?format=json","purl":"pkg:gem/rack@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-csrd-u9cz-u7ak"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-p1cf-naeh-bbgx"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.10"}],"aliases":["CVE-2025-25184","GHSA-7g2v-jj9q-g3rg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y6nj-8y3j-hbfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47152?format=json","vulnerability_id":"VCID-yq3g-ykeu-pfbp","summary":"Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)\n### Summary\n\n```ruby\nmodule Rack\n  class MediaType\n    SPLIT_PATTERN = %r{\\s*[;,]\\s*}\n```\n\nThe above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split.\n\n### PoC\n\nA simple HTTP request with lots of blank characters in the content-type header:\n\n```ruby\nrequest[\"Content-Type\"] = (\" \" * 50_000) + \"a,\"\n```\n\n### Impact\n\nIt's a very easy to craft ReDoS. Like all ReDoS the impact is debatable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25126.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25126.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25126","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.64024","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146"},{"reference_url":"https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/"}],"url":"https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/"}],"url":"https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462"},{"reference_url":"https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/"}],"url":"https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0005","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240510-0005"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516","reference_id":"1064516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265593","reference_id":"2265593","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265593"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25126","reference_id":"CVE-2024-25126","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25126"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml","reference_id":"CVE-2024-25126.YML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/"}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml"},{"reference_url":"https://github.com/advisories/GHSA-22f2-v57c-j9cx","reference_id":"GHSA-22f2-v57c-j9cx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-22f2-v57c-j9cx"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx","reference_id":"GHSA-22f2-v57c-j9cx","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0005/","reference_id":"ntap-20240510-0005","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240510-0005/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10806","reference_id":"RHSA-2024:10806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1841","reference_id":"RHSA-2024:1841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1846","reference_id":"RHSA-2024:1846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2007","reference_id":"RHSA-2024:2007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2113","reference_id":"RHSA-2024:2113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2581","reference_id":"RHSA-2024:2581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2584","reference_id":"RHSA-2024:2584","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2584"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2953","reference_id":"RHSA-2024:2953","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3431","reference_id":"RHSA-2024:3431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3431"},{"reference_url":"https://usn.ubuntu.com/6837-1/","reference_id":"USN-6837-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-1/"},{"reference_url":"https://usn.ubuntu.com/6837-2/","reference_id":"USN-6837-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-2/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69188?format=json","purl":"pkg:gem/rack@3.0.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-csrd-u9cz-u7ak"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-p1cf-naeh-bbgx"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"},{"vulnerability":"VCID-y6nj-8y3j-hbfw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1"}],"aliases":["CVE-2024-25126","GHSA-22f2-v57c-j9cx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yq3g-ykeu-pfbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44647?format=json","vulnerability_id":"VCID-zqax-g5xz-wuch","summary":"Rack has possible DoS Vulnerability in Multipart MIME parsing\nThere is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530.\n\nVersions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3\n\n# Impact\nThe Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected.\n\nAll users running an affected release should either upgrade or use one of the workarounds immediately.\n\n# Workarounds\nA proxy can be configured to limit the POST body size which will mitigate this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27530.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27530.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27530","reference_id":"","reference_type":"","scores":[{"value":"0.01982","scoring_system":"epss","scoring_elements":"0.83919","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231208-0015","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231208-0015"},{"reference_url":"https://www.debian.org/security/2023/dsa-5530","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/"}],"url":"https://www.debian.org/security/2023/dsa-5530"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032803","reference_id":"1032803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032803"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2176477","reference_id":"2176477","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2176477"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27530","reference_id":"CVE-2023-27530","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27530"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27530.yml","reference_id":"CVE-2023-27530.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27530.yml"},{"reference_url":"https://github.com/advisories/GHSA-3h57-hmj3-gj3p","reference_id":"GHSA-3h57-hmj3-gj3p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3h57-hmj3-gj3p"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231208-0015/","reference_id":"ntap-20231208-0015","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/"}],"url":"https://security.netapp.com/advisory/ntap-20231208-0015/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1961","reference_id":"RHSA-2023:1961","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1981","reference_id":"RHSA-2023:1981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2652","reference_id":"RHSA-2023:2652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3082","reference_id":"RHSA-2023:3082","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3082"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3403","reference_id":"RHSA-2023:3403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"},{"reference_url":"https://usn.ubuntu.com/6837-1/","reference_id":"USN-6837-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-1/"},{"reference_url":"https://usn.ubuntu.com/6905-1/","reference_id":"USN-6905-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6905-1/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64283?format=json","purl":"pkg:gem/rack@3.0.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-52qe-dast-tkhu"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-bqpn-m2fh-9kab"},{"vulnerability":"VCID-csrd-u9cz-u7ak"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-heu4-cd3d-73ck"},{"vulnerability":"VCID-hpw3-uw3x-mqgq"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-p1cf-naeh-bbgx"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-pydr-47y4-y3fu"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-u1u4-7b3v-fue7"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"},{"vulnerability":"VCID-y6nj-8y3j-hbfw"},{"vulnerability":"VCID-yq3g-ykeu-pfbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.2"}],"aliases":["CVE-2023-27530","GHSA-3h57-hmj3-gj3p","GMS-2023-663"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqax-g5xz-wuch"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.3"}