{"url":"http://public2.vulnerablecode.io/api/packages/179869?format=json","purl":"pkg:rpm/redhat/ruby193-rubygem-rack@1:1.4.1-4?arch=el6","type":"rpm","namespace":"redhat","name":"ruby193-rubygem-rack","version":"1:1.4.1-4","qualifiers":{"arch":"el6"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43296?format=json","vulnerability_id":"VCID-3t7n-a654-suhv","summary":"Cross-Site Request Forgery (CSRF)\nCross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0638.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0638.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0638","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0638"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0327.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0327.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0327","reference_id":"","reference_type":"","scores":[{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47249","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.4718","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47246","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-20
13-0327"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=914875","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=914875"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16"},{"reference_url":"http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/21/7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/21/7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-0327","reference_id":"CVE-2013-0327","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-0327"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0327","reference_id":"CVE-2013-0327","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0327"},{"reference_url":"https://github.com/advisories/GHSA-rqhg-cxfr-8xqw","reference_id":"GHSA-rqhg-cxfr-8xqw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rqhg-cxfr-8xqw"}],"fixed_packages":[],"
aliases":["CVE-2013-0327","GHSA-rqhg-cxfr-8xqw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3t7n-a654-suhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43279?format=json","vulnerability_id":"VCID-5vce-118m-fubh","summary":"Cross-Site Request Forgery (CSRF)\nCVE-2013-0328 jenkins: XSS","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0638.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0638.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0328.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0328.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0328","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33736","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33857","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33841","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0328"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=914876","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=914876"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16"},{"reference_url":"http:
//www.openwall.com/lists/oss-security/2013/02/21/7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/21/7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-0328","reference_id":"CVE-2013-0328","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-0328"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0328","reference_id":"CVE-2013-0328","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0328"},{"reference_url":"https://github.com/advisories/GHSA-q5f8-fxrx-pw6f","reference_id":"GHSA-q5f8-fxrx-pw6f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q5f8-fxrx-pw6f"}],"fixed_packages":[],"aliases":["CVE-2013-0328","GHSA-q5f8-fxrx-pw6f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5vce-118m-fubh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37485?format=json","vulnerability_id":"VCID-6dhj-xgsb-nkhd","summary":"Symlink path traversal in Rack::File\nAffected versions allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path 
traversals.\"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"},{"reference_url":"http://rack.github.com/","reference_id":"","reference_type":"","scores":[],"url":"http://rack.github.com/"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0262.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0262.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0262","reference_id":"","reference_type":"","scores":[{"value":"0.01263","scoring_system":"epss","scoring_elements":"0.79775","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01263","scoring_system":"epss","scoring_elements":"0.79806","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01263","scoring_system":"epss","scoring_elements":"0.798","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0262"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=909071","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909071"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=909072","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0262","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0262"},{"reference_url":"https://gist.github.com/rentzsch/4736940","reference_id":"","reference_type":"","scores":[
{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gist.github.com/rentzsch/4736940"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56"},{"reference_url":"https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0262","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scorin
g_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0262"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700173","reference_id":"700173","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700173"},{"reference_url":"https://github.com/advisories/GHSA-85r7-w5mv-c849","reference_id":"GHSA-85r7-w5mv-c849","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-85r7-w5mv-c849"},{"reference_url":"https://security.gentoo.org/glsa/201405-10","reference_id":"GLSA-201405-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-10"}],"fixed_packages":[],"aliases":["CVE-2013-0262","GHSA-85r7-w5mv-c849","OSV-89938"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6dhj-xgsb-nkhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43289?format=json","vulnerability_id":"VCID-anqd-6ymu-pqhe","summary":"Cross-Site Request Forgery (CSRF)\nUnspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack 
vectors.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0638.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0638.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0638","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0638"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0329.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0329.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0329","reference_id":"","reference_type":"","scores":[{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42653","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42569","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42643","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0329"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=914877","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=914877"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16"},{"reference_url":"http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb","reference_id":"","reference_type":"","scores":[{"value
":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/21/7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/21/7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-0329","reference_id":"CVE-2013-0329","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-0329"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0329","reference_id":"CVE-2013-0329","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0329"},{"reference_url":"https://github.com/advisories/GHSA-78cj-2m29-q5r9","reference_id":"GHSA-78cj-2m29-q5r9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-78cj-2m29-q5r9"}],"fixed_packages":[],"aliases":["CVE-2013-0329","GHSA-78cj-2m29-q5r9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-anqd-6ymu-pqhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43283?format=json","vulnerability_id":"VCID-jwfm-58dk-v7da","summary":"Jenkins Vulnerable to Denial of Service (DoS) via Crafted Payload\nJenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted 
payload.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0638.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0638.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0331.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0331.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0331","reference_id":"","reference_type":"","scores":[{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60715","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60708","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60659","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0331"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=914879","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=914879"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://web.archive.org/web/20200229023853/http://www.securityfocus.com/bid/57994","reference_id":
"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229023853/http://www.securityfocus.com/bid/57994"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16"},{"reference_url":"http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/21/7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/21/7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0331","reference_id":"CVE-2013-0331","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-03
31"},{"reference_url":"https://github.com/advisories/GHSA-5c56-g5cq-4gj9","reference_id":"GHSA-5c56-g5cq-4gj9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5c56-g5cq-4gj9"}],"fixed_packages":[],"aliases":["CVE-2013-0331","GHSA-5c56-g5cq-4gj9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jwfm-58dk-v7da"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37484?format=json","vulnerability_id":"VCID-w1cf-9x6v-pyhw","summary":"Timing attack against Rack::Session::Cookie\nAffected versions allow remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"},{"reference_url":"http://rack.github.com/","reference_id":"","reference_type":"","scores":[],"url":"http://rack.github.com/"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0686.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0686.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0263.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0263.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0263","reference_id":"","reference_type":"","scores":[{"value":"0.16071","scoring_system":"epss","scoring_elements":"0.94909","published_at":"2026
-06-04T12:55:00Z"},{"value":"0.16071","scoring_system":"epss","scoring_elements":"0.94919","published_at":"2026-06-06T12:55:00Z"},{"value":"0.16071","scoring_system":"epss","scoring_elements":"0.94918","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0263"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=909071","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909071"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0263","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0263"},{"reference_url":"https://gist.github.com/codahale/f9f3781f7b54985bee94","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gist.github.com/codahale/f9f3781f7b54985bee94"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07"},{"reference_url":"https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11"},{"reference_url":"https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J","reference_id":"","reference_type":"","scores":[{"value":"
MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0263","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0263"},{"reference_url":"http://www.debian.org/security/2013/dsa-2783","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2783"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700226","reference_id":"700226","reference_type":"","scores":[],"url":"https://b
ugs.debian.org/cgi-bin/bugreport.cgi?bug=700226"},{"reference_url":"https://github.com/advisories/GHSA-xc85-32mf-xpv8","reference_id":"GHSA-xc85-32mf-xpv8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xc85-32mf-xpv8"},{"reference_url":"https://security.gentoo.org/glsa/201405-10","reference_id":"GLSA-201405-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0686","reference_id":"RHSA-2013:0686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0686"}],"fixed_packages":[],"aliases":["CVE-2013-0263","GHSA-xc85-32mf-xpv8","OSV-89939"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w1cf-9x6v-pyhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43281?format=json","vulnerability_id":"VCID-y564-2n7z-r3fv","summary":"Jenkins allows Remote Users to Build Arbitrary Jobs\nUnspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack 
vectors.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0638.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0638.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0330.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0330","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53637","published_at":"2026-06-06T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.5357","published_at":"2026-06-04T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53628","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0330"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=914878","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=914878"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://web.archive.org/web/20200229023853/http://www.securityfocus.com/bid/57994","reference_id":"","ref
erence_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229023853/http://www.securityfocus.com/bid/57994"},{"reference_url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16"},{"reference_url":"http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/21/7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/21/7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0330","reference_id":"CVE-2013-0330","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0330"},{"
reference_url":"https://github.com/advisories/GHSA-25c5-58xw-hw5q","reference_id":"GHSA-25c5-58xw-hw5q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-25c5-58xw-hw5q"}],"fixed_packages":[],"aliases":["CVE-2013-0330","GHSA-25c5-58xw-hw5q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y564-2n7z-r3fv"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby193-rubygem-rack@1:1.4.1-4%3Farch=el6"}