| 0 |
| url |
VCID-13d1-uyw3-6bb6 |
| vulnerability_id |
VCID-13d1-uyw3-6bb6 |
| summary |
Rack has a Directory Traversal via Rack::Directory
`Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-22860, GHSA-mxw3-3hh2-x2mh
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-13d1-uyw3-6bb6 |
|
| 1 |
| url |
VCID-3j7s-n3zh-yka7 |
| vulnerability_id |
VCID-3j7s-n3zh-yka7 |
| summary |
Duplicate
This advisory duplicates another. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/rack@2.0.9.2 |
| purl |
pkg:gem/rack@2.0.9.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-3j7s-n3zh-yka7 |
|
| 2 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 3 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 4 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 5 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 6 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 7 |
| vulnerability |
VCID-dsxp-jp3h-g3br |
|
| 8 |
| vulnerability |
VCID-e3dc-w7sc-9kaj |
|
| 9 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 10 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 11 |
| vulnerability |
VCID-peyq-bpa7-zkaj |
|
| 12 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 13 |
| vulnerability |
VCID-qntj-y8n6-buh7 |
|
| 14 |
| vulnerability |
VCID-wdtk-9kx3-27eg |
|
| 15 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.2 |
|
| 1 |
| url |
pkg:gem/rack@2.1.4.2 |
| purl |
pkg:gem/rack@2.1.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-3j7s-n3zh-yka7 |
|
| 2 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 3 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 4 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 5 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 6 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 7 |
| vulnerability |
VCID-dsxp-jp3h-g3br |
|
| 8 |
| vulnerability |
VCID-e3dc-w7sc-9kaj |
|
| 9 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 10 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 11 |
| vulnerability |
VCID-peyq-bpa7-zkaj |
|
| 12 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 13 |
| vulnerability |
VCID-qntj-y8n6-buh7 |
|
| 14 |
| vulnerability |
VCID-wdtk-9kx3-27eg |
|
| 15 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.2 |
|
| 2 |
| url |
pkg:gem/rack@2.2.5 |
| purl |
pkg:gem/rack@2.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-3j7s-n3zh-yka7 |
|
| 2 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 3 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 4 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 5 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 6 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 7 |
| vulnerability |
VCID-dsxp-jp3h-g3br |
|
| 8 |
| vulnerability |
VCID-e3dc-w7sc-9kaj |
|
| 9 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 10 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 11 |
| vulnerability |
VCID-peyq-bpa7-zkaj |
|
| 12 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 13 |
| vulnerability |
VCID-qntj-y8n6-buh7 |
|
| 14 |
| vulnerability |
VCID-wdtk-9kx3-27eg |
|
| 15 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.5 |
|
| 3 |
| url |
pkg:gem/rack@2.2.6.1 |
| purl |
pkg:gem/rack@2.2.6.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-3j7s-n3zh-yka7 |
|
| 2 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 3 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 4 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 5 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 6 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 7 |
| vulnerability |
VCID-dsxp-jp3h-g3br |
|
| 8 |
| vulnerability |
VCID-e3dc-w7sc-9kaj |
|
| 9 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 10 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 11 |
| vulnerability |
VCID-peyq-bpa7-zkaj |
|
| 12 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 13 |
| vulnerability |
VCID-qntj-y8n6-buh7 |
|
| 14 |
| vulnerability |
VCID-wdtk-9kx3-27eg |
|
| 15 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.1 |
|
| 4 |
| url |
pkg:gem/rack@3.0.4.1 |
| purl |
pkg:gem/rack@3.0.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 2 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 3 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 4 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 5 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 6 |
| vulnerability |
VCID-dsxp-jp3h-g3br |
|
| 7 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 8 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 9 |
| vulnerability |
VCID-peyq-bpa7-zkaj |
|
| 10 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 11 |
| vulnerability |
VCID-qntj-y8n6-buh7 |
|
| 12 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1 |
|
|
| aliases |
CVE-2022-44572, GHSA-rqv2-275x-2jq5, GMS-2023-66
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3j7s-n3zh-yka7 |
|
| 2 |
| url |
VCID-5ut7-vqx4-kfag |
| vulnerability_id |
VCID-5ut7-vqx4-kfag |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/rack@1.6.12 |
| purl |
pkg:gem/rack@1.6.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-3j7s-n3zh-yka7 |
|
| 2 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 3 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 4 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 5 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 6 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 7 |
| vulnerability |
VCID-dsxp-jp3h-g3br |
|
| 8 |
| vulnerability |
VCID-e3dc-w7sc-9kaj |
|
| 9 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 10 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 11 |
| vulnerability |
VCID-peyq-bpa7-zkaj |
|
| 12 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 13 |
| vulnerability |
VCID-qntj-y8n6-buh7 |
|
| 14 |
| vulnerability |
VCID-wdtk-9kx3-27eg |
|
| 15 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.12 |
|
| 1 |
| url |
pkg:gem/rack@2.0.0.alpha |
| purl |
pkg:gem/rack@2.0.0.alpha |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-3j7s-n3zh-yka7 |
|
| 2 |
| vulnerability |
VCID-5ut7-vqx4-kfag |
|
| 3 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 4 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 5 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 6 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 7 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 8 |
| vulnerability |
VCID-dsxp-jp3h-g3br |
|
| 9 |
| vulnerability |
VCID-e3dc-w7sc-9kaj |
|
| 10 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 11 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 12 |
| vulnerability |
VCID-peyq-bpa7-zkaj |
|
| 13 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 14 |
| vulnerability |
VCID-qntj-y8n6-buh7 |
|
| 15 |
| vulnerability |
VCID-wdtk-9kx3-27eg |
|
| 16 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.0.alpha |
|
| 2 |
| url |
pkg:gem/rack@2.0.8 |
| purl |
pkg:gem/rack@2.0.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-3j7s-n3zh-yka7 |
|
| 2 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 3 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 4 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 5 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 6 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 7 |
| vulnerability |
VCID-dsxp-jp3h-g3br |
|
| 8 |
| vulnerability |
VCID-e3dc-w7sc-9kaj |
|
| 9 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 10 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 11 |
| vulnerability |
VCID-peyq-bpa7-zkaj |
|
| 12 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 13 |
| vulnerability |
VCID-qntj-y8n6-buh7 |
|
| 14 |
| vulnerability |
VCID-wdtk-9kx3-27eg |
|
| 15 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.8 |
|
|
| aliases |
CVE-2019-16782, GHSA-hrqr-hxpp-chr3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5ut7-vqx4-kfag |
|
| 3 |
| url |
VCID-64cf-ysff-u7bt |
| vulnerability_id |
VCID-64cf-ysff-u7bt |
| summary |
Rack: Multipart parser buffers large non-file fields entirely in memory, enabling DoS (memory exhaustion)
`Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS). |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-61771, GHSA-w9pc-fmgc-vxvw
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-64cf-ysff-u7bt |
|
| 4 |
| url |
VCID-7jqg-1whb-4kdw |
| vulnerability_id |
VCID-7jqg-1whb-4kdw |
| summary |
Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
`Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS). |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-61772, GHSA-wpv5-97wm-hp9c
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7jqg-1whb-4kdw |
|
| 5 |
| url |
VCID-8txn-z2vt-7kex |
| vulnerability_id |
VCID-8txn-z2vt-7kex |
| summary |
Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
`Rack::Multipart::Parser` buffers the entire multipart **preamble** (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-61770, GHSA-p543-xpfm-54cp
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8txn-z2vt-7kex |
|
| 7 |
| url |
VCID-b83y-urzk-jqey |
| vulnerability_id |
VCID-b83y-urzk-jqey |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/rack/rack |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/rack/rack |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/ |
|
|
| url |
https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-27111, GHSA-8cgq-6mh2-7j6v
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b83y-urzk-jqey |
|
| 8 |
| url |
VCID-dsxp-jp3h-g3br |
| vulnerability_id |
VCID-dsxp-jp3h-g3br |
| summary |
Rack has possible DoS Vulnerability with Range Header
# Possible DoS Vulnerability with Range Header in Rack
There is a possible DoS vulnerability relating to the Range request header in
Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26141.
Versions Affected: >= 1.3.0.
Not affected: < 1.3.0
Fixed Versions: 3.0.9.1, 2.2.8.1
Impact
------
Carefully crafted Range headers can cause a server to respond with an
unexpectedly large response. Responding with such large responses could lead
to a denial of service issue.
Vulnerable applications will use the `Rack::File` middleware or the
`Rack::Utils.byte_ranges` methods (this includes Rails applications).
Releases
--------
The fixed releases are available at the normal locations.
Workarounds
-----------
There are no feasible workarounds for this issue.
Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.
* 3-0-range.patch - Patch for 3.0 series
* 2-2-range.patch - Patch for 2.2 series
Credits
-------
Thank you [ooooooo_q](https://hackerone.com/ooooooo_q) for the report and
patch |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/rack@2.2.8.1 |
| purl |
pkg:gem/rack@2.2.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 2 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 3 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 4 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 5 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 6 |
| vulnerability |
VCID-e3dc-w7sc-9kaj |
|
| 7 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 8 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 9 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 10 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.8.1 |
|
| 1 |
| url |
pkg:gem/rack@3.0.9.1 |
| purl |
pkg:gem/rack@3.0.9.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 2 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 3 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 4 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 5 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 6 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 7 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 8 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 9 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1 |
|
|
| aliases |
CVE-2024-26141, GHSA-xj5v-6v4g-jfw6
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dsxp-jp3h-g3br |
|
| 9 |
| url |
VCID-e3dc-w7sc-9kaj |
| vulnerability_id |
VCID-e3dc-w7sc-9kaj |
| summary |
Rack has an unsafe default in Rack::QueryParser that allows a params_limit bypass via semicolon-separated parameters
`Rack::QueryParser` in version `< 2.2.18` enforces its `params_limit` only for parameters separated by `&`, while still splitting on both `&` and `;`. As a result, attackers could use `;` separators to bypass the parameter count limit and submit more parameters than intended. |
| references |
|
| fixed_packages |
| 1 |
| url |
pkg:gem/rack@3.0.0.beta1 |
| purl |
pkg:gem/rack@3.0.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-1df5-44e8-13fm |
|
| 2 |
| vulnerability |
VCID-3j7s-n3zh-yka7 |
|
| 3 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 4 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 5 |
| vulnerability |
VCID-8qm9-xj5y-wycp |
|
| 6 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 7 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 8 |
| vulnerability |
VCID-9vf4-tu5u-f3en |
|
| 9 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 10 |
| vulnerability |
VCID-dsxp-jp3h-g3br |
|
| 11 |
| vulnerability |
VCID-fumx-t77w-jyhj |
|
| 12 |
| vulnerability |
VCID-gjh6-2gkm-6ubs |
|
| 13 |
| vulnerability |
VCID-jv2b-zg52-cqbm |
|
| 14 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 15 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 16 |
| vulnerability |
VCID-md6q-ft6s-f7as |
|
| 17 |
| vulnerability |
VCID-peyq-bpa7-zkaj |
|
| 18 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 19 |
| vulnerability |
VCID-qntj-y8n6-buh7 |
|
| 20 |
| vulnerability |
VCID-tsrj-694r-57dj |
|
| 21 |
| vulnerability |
VCID-wdtk-9kx3-27eg |
|
| 22 |
| vulnerability |
VCID-xrc5-979n-tyfh |
|
| 23 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
| 24 |
| vulnerability |
VCID-z8ee-twnu-9yc9 |
|
| 25 |
| vulnerability |
VCID-zfk1-4k4w-1ycp |
|
| 26 |
| vulnerability |
VCID-zrbq-bky2-cfft |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1 |
|
|
| aliases |
CVE-2025-59830, GHSA-625h-95r8-8xpm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e3dc-w7sc-9kaj |
|
| 11 |
| url |
VCID-kjyv-r8rk-rqd3 |
| vulnerability_id |
VCID-kjyv-r8rk-rqd3 |
| summary |
Rack has a Possible Information Disclosure Vulnerability
A possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially crafted headers could cause `Rack::Sendfile` to miscommunicate with the proxy and trigger unintended internal requests, potentially bypassing proxy-level access restrictions. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-61780, GHSA-r657-rxjc-j557
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kjyv-r8rk-rqd3 |
|
| 12 |
| url |
VCID-peyq-bpa7-zkaj |
| vulnerability_id |
VCID-peyq-bpa7-zkaj |
| summary |
Possible Denial of Service Vulnerability in Rack’s header parsing
There is a denial of service vulnerability in the header parsing component of Rack. Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted.
Workarounds: Setting `Regexp.timeout` in Ruby 3.2 is a possible workaround. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/rack@2.2.6.4 |
| purl |
pkg:gem/rack@2.2.6.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 2 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 3 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 4 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 5 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 6 |
| vulnerability |
VCID-dsxp-jp3h-g3br |
|
| 7 |
| vulnerability |
VCID-e3dc-w7sc-9kaj |
|
| 8 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 9 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 10 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 11 |
| vulnerability |
VCID-qntj-y8n6-buh7 |
|
| 12 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.4 |
|
| 1 |
| url |
pkg:gem/rack@3.0.6.1 |
| purl |
pkg:gem/rack@3.0.6.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 2 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 3 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 4 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 5 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 6 |
| vulnerability |
VCID-dsxp-jp3h-g3br |
|
| 7 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 8 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 9 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 10 |
| vulnerability |
VCID-qntj-y8n6-buh7 |
|
| 11 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.6.1 |
|
|
| aliases |
CVE-2023-27539, GHSA-c6qg-cjj8-47qp, GMS-2023-769
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-peyq-bpa7-zkaj |
|
| 13 |
| url |
VCID-q17h-k4dc-rka5 |
| vulnerability_id |
VCID-q17h-k4dc-rka5 |
| summary |
Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
`Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-61919, GHSA-6xw4-3v39-52mm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q17h-k4dc-rka5 |
|
| 14 |
| url |
VCID-qntj-y8n6-buh7 |
| vulnerability_id |
VCID-qntj-y8n6-buh7 |
| summary |
Rack Header Parsing leads to Possible Denial of Service Vulnerability
# Possible Denial of Service Vulnerability in Rack Header Parsing
There is a possible denial of service vulnerability in the header parsing
routines in Rack. This vulnerability has been assigned the CVE identifier
CVE-2024-26146.
Versions Affected: All.
Not affected: None
Fixed Versions: 2.0.9.4, 2.1.4.4, 2.2.8.1, 3.0.9.1
Impact
------
Carefully crafted headers can cause header parsing in Rack to take longer than
expected resulting in a possible denial of service issue. Accept and Forwarded
headers are impacted.
Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2
or newer are unaffected.
Releases
--------
The fixed releases are available at the normal locations.
Workarounds
-----------
There are no feasible workarounds for this issue.
Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.
* 2-0-header-redos.patch - Patch for 2.0 series
* 2-1-header-redos.patch - Patch for 2.1 series
* 2-2-header-redos.patch - Patch for 2.2 series
* 3-0-header-redos.patch - Patch for 3.0 series
Credits
-------
Thanks to [svalkanov](https://hackerone.com/svalkanov) for reporting this and
providing patches! |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/rack@2.0.9.4 |
| purl |
pkg:gem/rack@2.0.9.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 2 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 3 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 4 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 5 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 6 |
| vulnerability |
VCID-e3dc-w7sc-9kaj |
|
| 7 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 8 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 9 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 10 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.4 |
|
| 1 |
| url |
pkg:gem/rack@2.1.4.4 |
| purl |
pkg:gem/rack@2.1.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 2 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 3 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 4 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 5 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 6 |
| vulnerability |
VCID-e3dc-w7sc-9kaj |
|
| 7 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 8 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 9 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 10 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.4 |
|
| 2 |
| url |
pkg:gem/rack@2.2.8.1 |
| purl |
pkg:gem/rack@2.2.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 2 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 3 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 4 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 5 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 6 |
| vulnerability |
VCID-e3dc-w7sc-9kaj |
|
| 7 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 8 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 9 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 10 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.8.1 |
|
| 3 |
| url |
pkg:gem/rack@3.0.9.1 |
| purl |
pkg:gem/rack@3.0.9.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 2 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 3 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 4 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 5 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 6 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 7 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 8 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 9 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1 |
|
|
| aliases |
CVE-2024-26146, GHSA-54rr-7fvw-6x8f
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qntj-y8n6-buh7 |
|
| 15 |
| url |
VCID-wdtk-9kx3-27eg |
| vulnerability_id |
VCID-wdtk-9kx3-27eg |
| summary |
Duplicate
This advisory duplicates another. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/rack@2.0.9.2 |
| purl |
pkg:gem/rack@2.0.9.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-3j7s-n3zh-yka7 |
|
| 2 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 3 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 4 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 5 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 6 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 7 |
| vulnerability |
VCID-dsxp-jp3h-g3br |
|
| 8 |
| vulnerability |
VCID-e3dc-w7sc-9kaj |
|
| 9 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 10 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 11 |
| vulnerability |
VCID-peyq-bpa7-zkaj |
|
| 12 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 13 |
| vulnerability |
VCID-qntj-y8n6-buh7 |
|
| 14 |
| vulnerability |
VCID-wdtk-9kx3-27eg |
|
| 15 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.2 |
|
| 1 |
| url |
pkg:gem/rack@2.1.4.2 |
| purl |
pkg:gem/rack@2.1.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-3j7s-n3zh-yka7 |
|
| 2 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 3 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 4 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 5 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 6 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 7 |
| vulnerability |
VCID-dsxp-jp3h-g3br |
|
| 8 |
| vulnerability |
VCID-e3dc-w7sc-9kaj |
|
| 9 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 10 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 11 |
| vulnerability |
VCID-peyq-bpa7-zkaj |
|
| 12 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 13 |
| vulnerability |
VCID-qntj-y8n6-buh7 |
|
| 14 |
| vulnerability |
VCID-wdtk-9kx3-27eg |
|
| 15 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.2 |
|
| 2 |
| url |
pkg:gem/rack@2.2.6.1 |
| purl |
pkg:gem/rack@2.2.6.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-3j7s-n3zh-yka7 |
|
| 2 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 3 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 4 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 5 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 6 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 7 |
| vulnerability |
VCID-dsxp-jp3h-g3br |
|
| 8 |
| vulnerability |
VCID-e3dc-w7sc-9kaj |
|
| 9 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 10 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 11 |
| vulnerability |
VCID-peyq-bpa7-zkaj |
|
| 12 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 13 |
| vulnerability |
VCID-qntj-y8n6-buh7 |
|
| 14 |
| vulnerability |
VCID-wdtk-9kx3-27eg |
|
| 15 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.1 |
|
| 3 |
| url |
pkg:gem/rack@3.0.4.1 |
| purl |
pkg:gem/rack@3.0.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-13d1-uyw3-6bb6 |
|
| 1 |
| vulnerability |
VCID-64cf-ysff-u7bt |
|
| 2 |
| vulnerability |
VCID-7jqg-1whb-4kdw |
|
| 3 |
| vulnerability |
VCID-8txn-z2vt-7kex |
|
| 4 |
| vulnerability |
VCID-9qjs-6tck-47bh |
|
| 5 |
| vulnerability |
VCID-b83y-urzk-jqey |
|
| 6 |
| vulnerability |
VCID-dsxp-jp3h-g3br |
|
| 7 |
| vulnerability |
VCID-kake-zbut-cqdk |
|
| 8 |
| vulnerability |
VCID-kjyv-r8rk-rqd3 |
|
| 9 |
| vulnerability |
VCID-peyq-bpa7-zkaj |
|
| 10 |
| vulnerability |
VCID-q17h-k4dc-rka5 |
|
| 11 |
| vulnerability |
VCID-qntj-y8n6-buh7 |
|
| 12 |
| vulnerability |
VCID-xz8w-wefz-bffs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1 |
|
|
| aliases |
CVE-2022-44571, GHSA-93pm-5p5f-3ghx, GMS-2023-65
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wdtk-9kx3-27eg |
|
| 16 |
| url |
VCID-xz8w-wefz-bffs |
| vulnerability_id |
VCID-xz8w-wefz-bffs |
| summary |
Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href
`Rack::Directory` generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename begins with the `javascript:` scheme (e.g. `javascript:alert(1)`), the generated index includes an anchor whose `href` attribute is exactly `javascript:alert(1)`. Clicking this entry executes arbitrary JavaScript in the context of the hosting application.
This results in a client-side XSS condition in directory listings generated by `Rack::Directory`. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-25500, GHSA-whrj-4476-wvmp
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xz8w-wefz-bffs |
|