{"url":"http://public2.vulnerablecode.io/api/packages/60538?format=json","purl":"pkg:gem/rack@1.6.2","type":"gem","namespace":"","name":"rack","version":"1.6.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.2.23","latest_non_vulnerable_version":"3.2.6","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10591?format=json","vulnerability_id":"VCID-1nzv-zger-fka9","summary":"Rack has possible DoS Vulnerability with Range Header\n# Possible DoS Vulnerability with Range Header in Rack\n\nThere is a possible DoS vulnerability relating to the Range request header in\nRack.  This vulnerability has been assigned the CVE identifier CVE-2024-26141.\n\nVersions Affected:  >= 1.3.0.\nNot affected:       < 1.3.0\nFixed Versions:     3.0.9.1, 2.2.8.1\n\nImpact\n------\nCarefully crafted Range headers can cause a server to respond with an\nunexpectedly large response. Responding with such large responses could lead\nto a denial of service issue.\n\nVulnerable applications will use the `Rack::File` middleware or the\n`Rack::Utils.byte_ranges` methods (this includes Rails applications).\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 3-0-range.patch - Patch for 3.0 series\n* 2-2-range.patch - Patch for 2.2 series\n\nCredits\n-------\n\nThank you [ooooooo_q](https://hackerone.com/ooooooo_q) for the report and\npatch","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26141.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26141.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26141","reference_id":"","reference_type":"","scores":[{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.61607","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146"},{"reference_url":"https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/"}],"url":"https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/"}],"url":"https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9"},{"reference_url":"https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/"}],"url":"https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/"}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26141","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26141"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516","reference_id":"1064516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265594","reference_id":"2265594","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265594"},{"reference_url":"https://github.com/advisories/GHSA-xj5v-6v4g-jfw6","reference_id":"GHSA-xj5v-6v4g-jfw6","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xj5v-6v4g-jfw6"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0007/","reference_id":"ntap-20240510-0007","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T18:23:59Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240510-0007/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10806","reference_id":"RHSA-2024:10806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1841","reference_id":"RHSA-2024:1841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1846","reference_id":"RHSA-2024:1846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2007","reference_id":"RHSA-2024:2007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2113","reference_id":"RHSA-2024:2113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2581","reference_id":"RHSA-2024:2581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2584","reference_id":"RHSA-2024:2584","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2584"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2953","reference_id":"RHSA-2024:2953","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3431","reference_id":"RHSA-2024:3431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3431"},{"reference_url":"https://usn.ubuntu.com/6689-1/","reference_id":"USN-6689-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6689-1/"},{"reference_url":"https://usn.ubuntu.com/6837-1/","reference_id":"USN-6837-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-1/"},{"reference_url":"https://usn.ubuntu.com/6837-2/","reference_id":"USN-6837-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-2/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26240?format=json","purl":"pkg:gem/rack@2.2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/26232?format=json","purl":"pkg:gem/rack@3.0.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1"}],"aliases":["CVE-2024-26141","GHSA-xj5v-6v4g-jfw6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1nzv-zger-fka9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7005?format=json","vulnerability_id":"VCID-1pt2-23bn-7qev","summary":"rack: Rack: HTTP response desynchronization via incorrect Content-Length calculation with UTF-8 characters","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34831.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34831.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34831","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12991","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34831"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-q2ww-5357-x388","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:43:52Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-q2ww-5357-x388"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34831.yml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34831.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34831","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34831"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454504","reference_id":"2454504","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454504"},{"reference_url":"https://github.com/advisories/GHSA-q2ww-5357-x388","reference_id":"GHSA-q2ww-5357-x388","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q2ww-5357-x388"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45053?format=json","purl":"pkg:gem/rack@2.2.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23"},{"url":"http://public2.vulnerablecode.io/api/packages/45063?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/45073?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34831","GHSA-q2ww-5357-x388"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1pt2-23bn-7qev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7006?format=json","vulnerability_id":"VCID-21pz-m7dy-8bey","summary":"github.com/rack/rack: Rack: Content smuggling via multipart boundary parsing mismatch","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26961.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26961.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26961","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02889","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26961"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-vgpv-f759-9wx3","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":""},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:57:50Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-vgpv-f759-9wx3"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-26961.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-26961.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26961","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26961"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454483","reference_id":"2454483","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454483"},{"reference_url":"https://github.com/advisories/GHSA-vgpv-f759-9wx3","reference_id":"GHSA-vgpv-f759-9wx3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vgpv-f759-9wx3"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45053?format=json","purl":"pkg:gem/rack@2.2.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23"},{"url":"http://public2.vulnerablecode.io/api/packages/45063?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/45073?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-26961","GHSA-vgpv-f759-9wx3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-21pz-m7dy-8bey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16269?format=json","vulnerability_id":"VCID-2zdv-mr4w-zkfg","summary":"rubygem-rack: Improper handling of headers in `Rack::Sendfile` may allow proxy bypass","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61780","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01466","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61780"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/"}],"url":"https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784"},{"reference_url":"https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/"}],"url":"https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a"},{"reference_url":"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/"}],"url":"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:34:55Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61780","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61780"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855","reference_id":"1117855","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117855"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403126","reference_id":"2403126","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403126"},{"reference_url":"https://github.com/advisories/GHSA-r657-rxjc-j557","reference_id":"GHSA-r657-rxjc-j557","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r657-rxjc-j557"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61072?format=json","purl":"pkg:gem/rack@2.2.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.20"},{"url":"http://public2.vulnerablecode.io/api/packages/329373?format=json","purl":"pkg:gem/rack@3.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/61073?format=json","purl":"pkg:gem/rack@3.1.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.18"},{"url":"http://public2.vulnerablecode.io/api/packages/61075?format=json","purl":"pkg:gem/rack@3.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-x316-jquh-63ek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.3"}],"aliases":["CVE-2025-61780","GHSA-r657-rxjc-j557"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zdv-mr4w-zkfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41202?format=json","vulnerability_id":"VCID-31yn-1jfq-z7am","summary":"Directory traversal in Rack::Directory app bundled with Rack\nA directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8161.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8161.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8161","reference_id":"","reference_type":"","scores":[{"value":"0.00907","scoring_system":"epss","scoring_elements":"0.76104","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8161"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8161.yml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8161.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8161","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8161"},{"reference_url":"https://usn.ubuntu.com/4561-1","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4561-1"},{"reference_url":"https://usn.ubuntu.com/4561-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4561-1/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1838281","reference_id":"1838281","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1838281"},{"reference_url":"https://github.com/advisories/GHSA-5f9h-9pjv-v6j7","reference_id":"GHSA-5f9h-9pjv-v6j7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5f9h-9pjv-v6j7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"},{"reference_url":"https://usn.ubuntu.com/4561-2/","reference_id":"USN-4561-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4561-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74828?format=json","purl":"pkg:gem/rack@2.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-31yn-1jfq-z7am"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-h44h-uxra-83cs"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-y4e1-mh3x-gkep"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/321694?format=json","purl":"pkg:gem/rack@2.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-h44h-uxra-83cs"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-y4e1-mh3x-gkep"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.0"}],"aliases":["CVE-2020-8161","GHSA-5f9h-9pjv-v6j7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-31yn-1jfq-z7am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47327?format=json","vulnerability_id":"VCID-3c3t-sa76-j3bv","summary":"Rack vulnerable to Cross-site Scripting\nThere is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16471.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16471.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16471","reference_id":"","reference_type":"","scores":[{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74838","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16471"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16471.yml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16471.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16471","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16471"},{"reference_url":"https://usn.ubuntu.com/4089-1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4089-1"},{"reference_url":"https://usn.ubuntu.com/4089-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4089-1/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1646818","reference_id":"1646818","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1646818"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913005","reference_id":"913005","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913005"},{"reference_url":"https://github.com/advisories/GHSA-5r2p-j47h-mhpg","reference_id":"GHSA-5r2p-j47h-mhpg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5r2p-j47h-mhpg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82364?format=json","purl":"pkg:gem/rack@1.6.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-31yn-1jfq-z7am"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-h44h-uxra-83cs"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mac4-2zg3-q3dg"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-y4e1-mh3x-gkep"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.11"},{"url":"http://public2.vulnerablecode.io/api/packages/82362?format=json","purl":"pkg:gem/rack@2.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-31yn-1jfq-z7am"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-h44h-uxra-83cs"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mac4-2zg3-q3dg"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-y4e1-mh3x-gkep"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.6"}],"aliases":["CVE-2018-16471","GHSA-5r2p-j47h-mhpg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3c3t-sa76-j3bv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9618?format=json","vulnerability_id":"VCID-4umy-say3-ruad","summary":"rubygem-rack: Rack stored XSS in Rack::Directory","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25500.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25500.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25500","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07554","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25500"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:42:04Z/"}],"url":"https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:42:04Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25500","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25500"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128480","reference_id":"1128480","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128480"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440738","reference_id":"2440738","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440738"},{"reference_url":"https://github.com/advisories/GHSA-whrj-4476-wvmp","reference_id":"GHSA-whrj-4476-wvmp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-whrj-4476-wvmp"},{"reference_url":"https://usn.ubuntu.com/8066-1/","reference_id":"USN-8066-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8066-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55777?format=json","purl":"pkg:gem/rack@2.2.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.22"},{"url":"http://public2.vulnerablecode.io/api/packages/55778?format=json","purl":"pkg:gem/rack@3.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/55780?format=json","purl":"pkg:gem/rack@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-x316-jquh-63ek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.5"}],"aliases":["CVE-2026-25500","GHSA-whrj-4476-wvmp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4umy-say3-ruad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10179?format=json","vulnerability_id":"VCID-5kyg-kwck-akaf","summary":"Rack Header Parsing leads to Possible Denial of Service Vulnerability\n# Possible Denial of Service Vulnerability in Rack Header Parsing\n\nThere is a possible denial of service vulnerability in the header parsing\nroutines in Rack.  This vulnerability has been assigned the CVE identifier\nCVE-2024-26146.\n\nVersions Affected:  All.\nNot affected:       None\nFixed Versions:     2.0.9.4, 2.1.4.4, 2.2.8.1, 3.0.9.1\n\nImpact\n------\nCarefully crafted headers can cause header parsing in Rack to take longer than\nexpected resulting in a possible denial of service issue. Accept and Forwarded\nheaders are impacted.\n\nRuby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2\nor newer are unaffected.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 2-0-header-redos.patch - Patch for 2.0 series\n* 2-1-header-redos.patch - Patch for 2.1 series\n* 2-2-header-redos.patch - Patch for 2.2 series\n* 3-0-header-redos.patch - Patch for 3.0 series\n\nCredits\n-------\n\nThanks to [svalkanov](https://hackerone.com/svalkanov) for reporting this and\nproviding patches!","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26146.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26146.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26146","reference_id":"","reference_type":"","scores":[{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.73907","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146"},{"reference_url":"https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/"}],"url":"https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/"}],"url":"https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716"},{"reference_url":"https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/"}],"url":"https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582"},{"reference_url":"https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/"}],"url":"https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f"},{"reference_url":"https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/"}],"url":"https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/"}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26146","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26146"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516","reference_id":"1064516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265595","reference_id":"2265595","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265595"},{"reference_url":"https://github.com/advisories/GHSA-54rr-7fvw-6x8f","reference_id":"GHSA-54rr-7fvw-6x8f","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-54rr-7fvw-6x8f"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0006/","reference_id":"ntap-20240510-0006","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-29T17:31:54Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240510-0006/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10806","reference_id":"RHSA-2024:10806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1841","reference_id":"RHSA-2024:1841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1846","reference_id":"RHSA-2024:1846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2007","reference_id":"RHSA-2024:2007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2113","reference_id":"RHSA-2024:2113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2581","reference_id":"RHSA-2024:2581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2584","reference_id":"RHSA-2024:2584","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2584"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2953","reference_id":"RHSA-2024:2953","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3431","reference_id":"RHSA-2024:3431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3431"},{"reference_url":"https://usn.ubuntu.com/6689-1/","reference_id":"USN-6689-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6689-1/"},{"reference_url":"https://usn.ubuntu.com/6837-1/","reference_id":"USN-6837-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-1/"},{"reference_url":"https://usn.ubuntu.com/6837-2/","reference_id":"USN-6837-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-2/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26257?format=json","purl":"pkg:gem/rack@2.0.9.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.4"},{"url":"http://public2.vulnerablecode.io/api/packages/26249?format=json","purl":"pkg:gem/rack@2.1.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/26240?format=json","purl":"pkg:gem/rack@2.2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/26232?format=json","purl":"pkg:gem/rack@3.0.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1"}],"aliases":["CVE-2024-26146","GHSA-54rr-7fvw-6x8f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5kyg-kwck-akaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9619?format=json","vulnerability_id":"VCID-5pry-5agj-tygz","summary":"rubygem-rack: Rack Directory Traversal via Rack:Directory","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22860.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22860.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22860","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31135","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22860"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:27:31Z/"}],"url":"https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:27:31Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22860","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22860"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128479","reference_id":"1128479","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128479"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440737","reference_id":"2440737","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440737"},{"reference_url":"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh","reference_id":"GHSA-mxw3-3hh2-x2mh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh"},{"reference_url":"https://usn.ubuntu.com/8066-1/","reference_id":"USN-8066-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8066-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55777?format=json","purl":"pkg:gem/rack@2.2.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.22"},{"url":"http://public2.vulnerablecode.io/api/packages/55778?format=json","purl":"pkg:gem/rack@3.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/55780?format=json","purl":"pkg:gem/rack@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-x316-jquh-63ek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.5"}],"aliases":["CVE-2026-22860","GHSA-mxw3-3hh2-x2mh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5pry-5agj-tygz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7007?format=json","vulnerability_id":"VCID-6hht-91zy-fqdf","summary":"rack: Rack: Denial of Service via crafted Accept-Encoding header","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34230.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34230.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34230","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06608","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34230"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34230","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34230"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:56:03Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34230.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34230.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34230","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34230"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454493","reference_id":"2454493","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454493"},{"reference_url":"https://github.com/advisories/GHSA-v569-hp3g-36wr","reference_id":"GHSA-v569-hp3g-36wr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v569-hp3g-36wr"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45053?format=json","purl":"pkg:gem/rack@2.2.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23"},{"url":"http://public2.vulnerablecode.io/api/packages/45063?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/45073?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34230","GHSA-v569-hp3g-36wr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6hht-91zy-fqdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7003?format=json","vulnerability_id":"VCID-6t6w-vvzt-fqd9","summary":"github.com/rack/rack: Rack: Information disclosure via incorrect static file serving prefix check","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34785","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14816","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34785"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:58:57Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34785.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34785.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34785","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34785"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454486","reference_id":"2454486","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454486"},{"reference_url":"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq","reference_id":"GHSA-h2jq-g4cq-5ppq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45053?format=json","purl":"pkg:gem/rack@2.2.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23"},{"url":"http://public2.vulnerablecode.io/api/packages/45063?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/45073?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34785","GHSA-h2jq-g4cq-5ppq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6t6w-vvzt-fqd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6999?format=json","vulnerability_id":"VCID-7pey-8xge-1fbz","summary":"rack: Rack: Denial of Service via unbounded multipart file upload","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34829","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20368","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34829"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:41:27Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34829.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34829.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34829","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34829"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454488","reference_id":"2454488","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454488"},{"reference_url":"https://github.com/advisories/GHSA-8vqr-qjwx-82mw","reference_id":"GHSA-8vqr-qjwx-82mw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8vqr-qjwx-82mw"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45053?format=json","purl":"pkg:gem/rack@2.2.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23"},{"url":"http://public2.vulnerablecode.io/api/packages/45063?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/45073?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34829","GHSA-8vqr-qjwx-82mw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7pey-8xge-1fbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24191?format=json","vulnerability_id":"VCID-87hv-57m8-4qey","summary":"rack: rubygem-rack: Local File Inclusion in Rack::Static","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27610.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27610.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27610","reference_id":"","reference_type":"","scores":[{"value":"0.01854","scoring_system":"epss","scoring_elements":"0.83334","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27610"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:22:45Z/"}],"url":"https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T15:22:45Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27610.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27610.yml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27610","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27610"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100444","reference_id":"1100444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100444"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2351231","reference_id":"2351231","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2351231"},{"reference_url":"https://github.com/advisories/GHSA-7wqh-767x-r66v","reference_id":"GHSA-7wqh-767x-r66v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7wqh-767x-r66v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3448","reference_id":"RHSA-2025:3448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3490","reference_id":"RHSA-2025:3490","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3491","reference_id":"RHSA-2025:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3492","reference_id":"RHSA-2025:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3906","reference_id":"RHSA-2025:3906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4576","reference_id":"RHSA-2025:4576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4576"},{"reference_url":"https://usn.ubuntu.com/7366-1/","reference_id":"USN-7366-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7366-1/"},{"reference_url":"https://usn.ubuntu.com/7366-2/","reference_id":"USN-7366-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7366-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64803?format=json","purl":"pkg:gem/rack@2.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/329373?format=json","purl":"pkg:gem/rack@3.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/64804?format=json","purl":"pkg:gem/rack@3.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/64805?format=json","purl":"pkg:gem/rack@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.12"}],"aliases":["CVE-2025-27610","GHSA-7wqh-767x-r66v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-87hv-57m8-4qey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16254?format=json","vulnerability_id":"VCID-8kwp-wuv8-gqf8","summary":"rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61919","reference_id":"","reference_type":"","scores":[{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51764","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/"}],"url":"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881"},{"reference_url":"https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/"}],"url":"https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db"},{"reference_url":"https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/"}],"url":"https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61919","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61919"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856","reference_id":"1117856","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403180","reference_id":"2403180","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403180"},{"reference_url":"https://github.com/advisories/GHSA-6xw4-3v39-52mm","reference_id":"GHSA-6xw4-3v39-52mm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xw4-3v39-52mm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19733","reference_id":"RHSA-2025:19733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19736","reference_id":"RHSA-2025:19736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19832","reference_id":"RHSA-2025:19832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19855","reference_id":"RHSA-2025:19855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19856","reference_id":"RHSA-2025:19856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21696","reference_id":"RHSA-2025:21696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21696"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61072?format=json","purl":"pkg:gem/rack@2.2.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.20"},{"url":"http://public2.vulnerablecode.io/api/packages/329373?format=json","purl":"pkg:gem/rack@3.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/61073?format=json","purl":"pkg:gem/rack@3.1.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.18"},{"url":"http://public2.vulnerablecode.io/api/packages/61075?format=json","purl":"pkg:gem/rack@3.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-x316-jquh-63ek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.3"}],"aliases":["CVE-2025-61919","GHSA-6xw4-3v39-52mm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8kwp-wuv8-gqf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6998?format=json","vulnerability_id":"VCID-8rbg-wrmj-1bcu","summary":"rack: Rack: Information disclosure via regular expression injection in X-Accel-Mapping header","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34830","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14816","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34830"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:59:36Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34830.yml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34830.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34830","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34830"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454510","reference_id":"2454510","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454510"},{"reference_url":"https://github.com/advisories/GHSA-qv7j-4883-hwh7","reference_id":"GHSA-qv7j-4883-hwh7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qv7j-4883-hwh7"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45053?format=json","purl":"pkg:gem/rack@2.2.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23"},{"url":"http://public2.vulnerablecode.io/api/packages/45063?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/45073?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34830","GHSA-qv7j-4883-hwh7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8rbg-wrmj-1bcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16334?format=json","vulnerability_id":"VCID-9dqs-zbmn-b7e4","summary":"rack: Rack memory exhaustion denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61772","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55636","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/"}],"url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"},{"reference_url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/"}],"url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"},{"reference_url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/"}],"url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61772","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61772"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627","reference_id":"1117627","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402200","reference_id":"2402200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402200"},{"reference_url":"https://github.com/advisories/GHSA-wpv5-97wm-hp9c","reference_id":"GHSA-wpv5-97wm-hp9c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wpv5-97wm-hp9c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19733","reference_id":"RHSA-2025:19733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19736","reference_id":"RHSA-2025:19736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61047?format=json","purl":"pkg:gem/rack@2.2.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19"},{"url":"http://public2.vulnerablecode.io/api/packages/329373?format=json","purl":"pkg:gem/rack@3.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/61048?format=json","purl":"pkg:gem/rack@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/61049?format=json","purl":"pkg:gem/rack@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-x316-jquh-63ek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2"}],"aliases":["CVE-2025-61772","GHSA-wpv5-97wm-hp9c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9dqs-zbmn-b7e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16339?format=json","vulnerability_id":"VCID-dzhg-3hy9-w3gv","summary":"rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61771","reference_id":"","reference_type":"","scores":[{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.2864","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/"}],"url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"},{"reference_url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/"}],"url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"},{"reference_url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/"}],"url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61771","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61771"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628","reference_id":"1117628","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402175","reference_id":"2402175","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402175"},{"reference_url":"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw","reference_id":"GHSA-w9pc-fmgc-vxvw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21696","reference_id":"RHSA-2025:21696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21696"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61047?format=json","purl":"pkg:gem/rack@2.2.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19"},{"url":"http://public2.vulnerablecode.io/api/packages/329373?format=json","purl":"pkg:gem/rack@3.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/61048?format=json","purl":"pkg:gem/rack@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/61049?format=json","purl":"pkg:gem/rack@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-x316-jquh-63ek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2"}],"aliases":["CVE-2025-61771","GHSA-w9pc-fmgc-vxvw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dzhg-3hy9-w3gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36169?format=json","vulnerability_id":"VCID-f5ev-kfux-n7hj","summary":"Denial of Service Vulnerability in Rack Content-Disposition parsing\nThere is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44571.\n\nVersions Affected: >= 2.0.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.0.1\nImpact\n\nCarefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.\nReleases\n\nThe fixed releases are available at the normal locations.\nWorkarounds\n\nThere are no feasible workarounds for this issue.\nPatches\n\nTo aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n    2-0-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 2.0 series\n    2-1-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 2.1 series\n    2-2-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 2.2 series\n    3-0-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 3.0 series","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44571.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44571.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44571","reference_id":"","reference_type":"","scores":[{"value":"0.02825","scoring_system":"epss","scoring_elements":"0.86412","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/releases/tag/v3.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/releases/tag/v3.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44571.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44571.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44571","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44571"},{"reference_url":"https://www.debian.org/security/2023/dsa-5530","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5530"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832","reference_id":"1029832","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164714","reference_id":"2164714","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164714"},{"reference_url":"https://github.com/advisories/GHSA-93pm-5p5f-3ghx","reference_id":"GHSA-93pm-5p5f-3ghx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-93pm-5p5f-3ghx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"},{"reference_url":"https://usn.ubuntu.com/5910-1/","reference_id":"USN-5910-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5910-1/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68400?format=json","purl":"pkg:gem/rack@2.0.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/68401?format=json","purl":"pkg:gem/rack@2.1.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/68402?format=json","purl":"pkg:gem/rack@2.2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-h44h-uxra-83cs"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/68403?format=json","purl":"pkg:gem/rack@3.0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-ya57-9vg9-xka9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1"}],"aliases":["CVE-2022-44571","GHSA-93pm-5p5f-3ghx","GMS-2023-65"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f5ev-kfux-n7hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24271?format=json","vulnerability_id":"VCID-f6u2-fhux-43f3","summary":"rack: rubygem-rack: Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27111.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27111","reference_id":"","reference_type":"","scores":[{"value":"0.00865","scoring_system":"epss","scoring_elements":"0.75428","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27111"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/"}],"url":"https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53"},{"reference_url":"https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/"}],"url":"https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b"},{"reference_url":"https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/"}],"url":"https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-04T15:44:28Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27111","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27111"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099546","reference_id":"1099546","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099546"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2349810","reference_id":"2349810","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2349810"},{"reference_url":"https://github.com/advisories/GHSA-8cgq-6mh2-7j6v","reference_id":"GHSA-8cgq-6mh2-7j6v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8cgq-6mh2-7j6v"},{"reference_url":"https://usn.ubuntu.com/7366-1/","reference_id":"USN-7366-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7366-1/"},{"reference_url":"https://usn.ubuntu.com/7366-2/","reference_id":"USN-7366-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7366-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64837?format=json","purl":"pkg:gem/rack@2.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/329373?format=json","purl":"pkg:gem/rack@3.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/64838?format=json","purl":"pkg:gem/rack@3.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/64839?format=json","purl":"pkg:gem/rack@3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.11"}],"aliases":["CVE-2025-27111","GHSA-8cgq-6mh2-7j6v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f6u2-fhux-43f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36245?format=json","vulnerability_id":"VCID-h44h-uxra-83cs","summary":"Denial of service via header parsing in Rack\nThere is a possible denial of service vulnerability in the Range header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44570.\n\nVersions Affected: >= 1.5.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.2, 3.0.0.1\nImpact\n\nCarefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.\nReleases\n\nThe fixed releases are available at the normal locations.\nWorkarounds\n\nThere are no feasible workarounds for this issue.\nPatches\n\nTo aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n    2-0-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 2.0 series\n    2-1-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 2.1 series\n    2-2-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 2.2 series\n    3-0-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 3.0 series","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44570.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44570.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44570","reference_id":"","reference_type":"","scores":[{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.87067","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/releases/tag/v3.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/releases/tag/v3.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44570.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44570.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44570","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44570"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231208-0010","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231208-0010"},{"reference_url":"https://www.debian.org/security/2023/dsa-5530","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5530"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832","reference_id":"1029832","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164719","reference_id":"2164719","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164719"},{"reference_url":"https://github.com/advisories/GHSA-65f5-mfpf-vfhj","reference_id":"GHSA-65f5-mfpf-vfhj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-65f5-mfpf-vfhj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"},{"reference_url":"https://usn.ubuntu.com/5910-1/","reference_id":"USN-5910-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5910-1/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68400?format=json","purl":"pkg:gem/rack@2.0.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/68401?format=json","purl":"pkg:gem/rack@2.1.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/68595?format=json","purl":"pkg:gem/rack@2.2.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/68403?format=json","purl":"pkg:gem/rack@3.0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-ya57-9vg9-xka9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1"}],"aliases":["CVE-2022-44570","GHSA-65f5-mfpf-vfhj","GMS-2023-64"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h44h-uxra-83cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7001?format=json","vulnerability_id":"VCID-j3e9-y38h-xbbu","summary":"rack: Rack: Security header bypass via URL-encoded static path requests","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34786.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34786.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34786","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13787","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34786"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-q4qf-9j86-f5mh","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:37:20Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-q4qf-9j86-f5mh"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34786.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34786.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34786","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34786"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454507","reference_id":"2454507","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454507"},{"reference_url":"https://github.com/advisories/GHSA-q4qf-9j86-f5mh","reference_id":"GHSA-q4qf-9j86-f5mh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q4qf-9j86-f5mh"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45053?format=json","purl":"pkg:gem/rack@2.2.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23"},{"url":"http://public2.vulnerablecode.io/api/packages/45063?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/45073?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34786","GHSA-q4qf-9j86-f5mh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j3e9-y38h-xbbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16345?format=json","vulnerability_id":"VCID-juuh-9psh-yyar","summary":"rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61770","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5021","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/"}],"url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"},{"reference_url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/"}],"url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"},{"reference_url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/"}],"url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61770","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61770"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627","reference_id":"1117627","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402174","reference_id":"2402174","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402174"},{"reference_url":"https://github.com/advisories/GHSA-p543-xpfm-54cp","reference_id":"GHSA-p543-xpfm-54cp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p543-xpfm-54cp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19733","reference_id":"RHSA-2025:19733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19736","reference_id":"RHSA-2025:19736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21696","reference_id":"RHSA-2025:21696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21696"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61047?format=json","purl":"pkg:gem/rack@2.2.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19"},{"url":"http://public2.vulnerablecode.io/api/packages/329373?format=json","purl":"pkg:gem/rack@3.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/61048?format=json","purl":"pkg:gem/rack@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/61049?format=json","purl":"pkg:gem/rack@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-x316-jquh-63ek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2"}],"aliases":["CVE-2025-61770","GHSA-p543-xpfm-54cp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-juuh-9psh-yyar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22243?format=json","vulnerability_id":"VCID-k4w7-sm5v-yqgb","summary":"rack: Rack Session Reuse Vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32441.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32441.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32441","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.2651","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32441"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/"}],"url":"https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270"},{"reference_url":"https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/"}],"url":"https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:02:00Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g"},{"reference_url":"https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":""},{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-32441.yml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-32441.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32441","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32441"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2364965","reference_id":"2364965","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2364965"},{"reference_url":"https://github.com/advisories/GHSA-vpfw-47h7-xj4g","reference_id":"GHSA-vpfw-47h7-xj4g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vpfw-47h7-xj4g"},{"reference_url":"https://usn.ubuntu.com/7507-1/","reference_id":"USN-7507-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7507-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66645?format=json","purl":"pkg:gem/rack@2.2.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.14"}],"aliases":["CVE-2025-32441","GHSA-vpfw-47h7-xj4g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k4w7-sm5v-yqgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47946?format=json","vulnerability_id":"VCID-mac4-2zg3-q3dg","summary":"Possible Information Leak / Session Hijack Vulnerability in Rack\nThere's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session.\n\nThe session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.\n\n### Impact\n\nThe session id stored in a cookie is the same id that is used when querying the backing session storage engine.  Most storage mechanisms (for example a database) use some sort of indexing in order to speed up the lookup of that id.  By carefully timing requests and session lookup failures, an attacker may be able to perform a timing attack to determine an existing session id and hijack that session.\n\n## Releases\n\nThe 1.6.12 and 2.0.8 releases are available at the normal locations.\n\n### Workarounds\n\nThere are no known workarounds.\n\n### Patches\n\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 1-6-session-timing-attack.patch - Patch for 1.6 series\n* 2-0-session-timing-attack.patch - Patch for 2.6 series\n\n### Credits\n\nThanks Will Leinweber for reporting this!","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16782.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16782.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16782","reference_id":"","reference_type":"","scores":[{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.75899","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16782"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16782","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16782"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16782","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16782"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/12/18/2","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/12/18/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/12/18/3","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/12/18/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/12/19/3","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/12/19/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/04/08/1","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/04/08/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/04/09/2","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/04/09/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789100","reference_id":"1789100","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789100"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946983","reference_id":"946983","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946983"},{"reference_url":"https://github.com/advisories/GHSA-hrqr-hxpp-chr3","reference_id":"GHSA-hrqr-hxpp-chr3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hrqr-hxpp-chr3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2480","reference_id":"RHSA-2020:2480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"},{"reference_url":"https://usn.ubuntu.com/USN-5253-1/","reference_id":"USN-USN-5253-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5253-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82965?format=json","purl":"pkg:gem/rack@1.6.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-31yn-1jfq-z7am"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-h44h-uxra-83cs"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-y4e1-mh3x-gkep"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.12"},{"url":"http://public2.vulnerablecode.io/api/packages/383395?format=json","purl":"pkg:gem/rack@2.0.0.alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-31yn-1jfq-z7am"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-h44h-uxra-83cs"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-y4e1-mh3x-gkep"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.0.alpha"},{"url":"http://public2.vulnerablecode.io/api/packages/82966?format=json","purl":"pkg:gem/rack@2.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-31yn-1jfq-z7am"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-h44h-uxra-83cs"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-y4e1-mh3x-gkep"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.8"}],"aliases":["CVE-2019-16782","GHSA-hrqr-hxpp-chr3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mac4-2zg3-q3dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7000?format=json","vulnerability_id":"VCID-mftr-ma4j-mbhy","summary":"rack: Rack: Denial of Service via malicious HTTP Range header","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34826.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34826.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34826","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06114","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34826"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34826","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34826"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-x8cg-fq8g-mxfx","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:42:34Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-x8cg-fq8g-mxfx"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34826.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34826.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34826","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34826"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454508","reference_id":"2454508","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454508"},{"reference_url":"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx","reference_id":"GHSA-x8cg-fq8g-mxfx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45053?format=json","purl":"pkg:gem/rack@2.2.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23"},{"url":"http://public2.vulnerablecode.io/api/packages/45063?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/45073?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34826","GHSA-x8cg-fq8g-mxfx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mftr-ma4j-mbhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37471?format=json","vulnerability_id":"VCID-n3cc-pvr9-4bd5","summary":"Possible Denial of Service Vulnerability in Rack's header parsing\nThere is a denial of service vulnerability in the header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27539.\n\nVersions Affected: >= 2.0.0 Not affected: None. Fixed Versions: 2.2.6.4, 3.0.6.1\n\n# Impact\nCarefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted.\n\n# Workarounds\nSetting Regexp.timeout in Ruby 3.2 is a possible workaround.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27539.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27539.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27539","reference_id":"","reference_type":"","scores":[{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58717","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/"}],"url":"https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c"},{"reference_url":"https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/"}],"url":"https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27539","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27539"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231208-0016","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231208-0016"},{"reference_url":"https://www.debian.org/security/2023/dsa-5530","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/"}],"url":"https://www.debian.org/security/2023/dsa-5530"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033264","reference_id":"1033264","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033264"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179649","reference_id":"2179649","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179649"},{"reference_url":"https://github.com/advisories/GHSA-c6qg-cjj8-47qp","reference_id":"GHSA-c6qg-cjj8-47qp","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/"}],"url":"https://github.com/advisories/GHSA-c6qg-cjj8-47qp"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231208-0016/","reference_id":"ntap-20231208-0016","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:22:46Z/"}],"url":"https://security.netapp.com/advisory/ntap-20231208-0016/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1953","reference_id":"RHSA-2023:1953","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1961","reference_id":"RHSA-2023:1961","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1981","reference_id":"RHSA-2023:1981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2652","reference_id":"RHSA-2023:2652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3082","reference_id":"RHSA-2023:3082","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3082"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3403","reference_id":"RHSA-2023:3403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3495","reference_id":"RHSA-2023:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"},{"reference_url":"https://usn.ubuntu.com/6689-1/","reference_id":"USN-6689-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6689-1/"},{"reference_url":"https://usn.ubuntu.com/6905-1/","reference_id":"USN-6905-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6905-1/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70419?format=json","purl":"pkg:gem/rack@2.2.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/70420?format=json","purl":"pkg:gem/rack@3.0.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.6.1"}],"aliases":["CVE-2023-27539","GHSA-c6qg-cjj8-47qp","GMS-2023-769"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n3cc-pvr9-4bd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22241?format=json","vulnerability_id":"VCID-nqds-u1fk-y7ch","summary":"rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46727.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46727","reference_id":"","reference_type":"","scores":[{"value":"0.00808","scoring_system":"epss","scoring_elements":"0.74504","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46727"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/"}],"url":"https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712"},{"reference_url":"https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/"}],"url":"https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3"},{"reference_url":"https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/"}],"url":"https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:00:33Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46727","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46727"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927","reference_id":"1104927","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104927"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2364966","reference_id":"2364966","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2364966"},{"reference_url":"https://github.com/advisories/GHSA-gjh7-p2fx-99vx","reference_id":"GHSA-gjh7-p2fx-99vx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gjh7-p2fx-99vx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7604","reference_id":"RHSA-2025:7604","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7604"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7605","reference_id":"RHSA-2025:7605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8254","reference_id":"RHSA-2025:8254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8256","reference_id":"RHSA-2025:8256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8279","reference_id":"RHSA-2025:8279","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8279"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8288","reference_id":"RHSA-2025:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8289","reference_id":"RHSA-2025:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8290","reference_id":"RHSA-2025:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8291","reference_id":"RHSA-2025:8291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8291"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8319","reference_id":"RHSA-2025:8319","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8319"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8322","reference_id":"RHSA-2025:8322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8323","reference_id":"RHSA-2025:8323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9838","reference_id":"RHSA-2025:9838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9838"},{"reference_url":"https://usn.ubuntu.com/7507-1/","reference_id":"USN-7507-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7507-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66645?format=json","purl":"pkg:gem/rack@2.2.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/66858?format=json","purl":"pkg:gem/rack@3.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/66860?format=json","purl":"pkg:gem/rack@3.1.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.14"}],"aliases":["CVE-2025-46727","GHSA-gjh7-p2fx-99vx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nqds-u1fk-y7ch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25862?format=json","vulnerability_id":"VCID-rvwc-cy1n-yffg","summary":"rubygem-rack: Possible Log Injection in Rack::CommonLogger","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25184.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25184.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25184","reference_id":"","reference_type":"","scores":[{"value":"0.01345","scoring_system":"epss","scoring_elements":"0.80354","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25184"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25184","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25184"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:09:07Z/"}],"url":"https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:09:07Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-25184.yml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-25184.yml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-25184","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-25184"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098257","reference_id":"1098257","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098257"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345301","reference_id":"2345301","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345301"},{"reference_url":"https://github.com/advisories/GHSA-7g2v-jj9q-g3rg","reference_id":"GHSA-7g2v-jj9q-g3rg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7g2v-jj9q-g3rg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1985","reference_id":"RHSA-2025:1985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1985"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7085","reference_id":"RHSA-2025:7085","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7085"},{"reference_url":"https://usn.ubuntu.com/7366-1/","reference_id":"USN-7366-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7366-1/"},{"reference_url":"https://usn.ubuntu.com/7366-2/","reference_id":"USN-7366-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7366-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63763?format=json","purl":"pkg:gem/rack@2.2.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.11"},{"url":"http://public2.vulnerablecode.io/api/packages/329373?format=json","purl":"pkg:gem/rack@3.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/63764?format=json","purl":"pkg:gem/rack@3.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/63765?format=json","purl":"pkg:gem/rack@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.10"}],"aliases":["CVE-2025-25184","GHSA-7g2v-jj9q-g3rg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rvwc-cy1n-yffg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17108?format=json","vulnerability_id":"VCID-tjh9-vfdw-7yen","summary":"rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59830.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59830.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59830","reference_id":"","reference_type":"","scores":[{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31734","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59830"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-25T16:14:17Z/"}],"url":"https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-25T16:14:17Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59830","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59830"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116431","reference_id":"1116431","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116431"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398167","reference_id":"2398167","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398167"},{"reference_url":"https://github.com/advisories/GHSA-625h-95r8-8xpm","reference_id":"GHSA-625h-95r8-8xpm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-625h-95r8-8xpm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19733","reference_id":"RHSA-2025:19733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19736","reference_id":"RHSA-2025:19736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19832","reference_id":"RHSA-2025:19832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19855","reference_id":"RHSA-2025:19855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19856","reference_id":"RHSA-2025:19856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://usn.ubuntu.com/7784-1/","reference_id":"USN-7784-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7784-1/"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62481?format=json","purl":"pkg:gem/rack@2.2.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.18"},{"url":"http://public2.vulnerablecode.io/api/packages/329373?format=json","purl":"pkg:gem/rack@3.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1"}],"aliases":["CVE-2025-59830","GHSA-625h-95r8-8xpm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tjh9-vfdw-7yen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21429?format=json","vulnerability_id":"VCID-v2nc-35z6-2kf6","summary":"rack: rubygem-rack: Rack Content-Disposition Denial of Service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49007","reference_id":"","reference_type":"","scores":[{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68866","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49007"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/"}],"url":"https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f"},{"reference_url":"https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/"}],"url":"https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:37Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49007","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49007"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107363","reference_id":"1107363","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107363"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370346","reference_id":"2370346","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370346"},{"reference_url":"https://github.com/advisories/GHSA-47m2-26rw-j2jw","reference_id":"GHSA-47m2-26rw-j2jw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-47m2-26rw-j2jw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66319?format=json","purl":"pkg:gem/rack@3.1.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.16"}],"aliases":["CVE-2025-49007","GHSA-47m2-26rw-j2jw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2nc-35z6-2kf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7004?format=json","vulnerability_id":"VCID-vch5-2deq-euaq","summary":"rack: Rack: Information disclosure via regular expression metacharacters in root path","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34763.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34763.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34763","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12991","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34763"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:41:04Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34763.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-34763.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34763","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34763"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454498","reference_id":"2454498","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454498"},{"reference_url":"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp","reference_id":"GHSA-7mqq-6cf9-v2qp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp"},{"reference_url":"https://usn.ubuntu.com/8182-1/","reference_id":"USN-8182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45053?format=json","purl":"pkg:gem/rack@2.2.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.23"},{"url":"http://public2.vulnerablecode.io/api/packages/45063?format=json","purl":"pkg:gem/rack@3.1.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/45073?format=json","purl":"pkg:gem/rack@3.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.6"}],"aliases":["CVE-2026-34763","GHSA-7mqq-6cf9-v2qp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vch5-2deq-euaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10431?format=json","vulnerability_id":"VCID-xrut-zyv4-e3bf","summary":"Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)\n### Summary\n\n```ruby\nmodule Rack\n  class MediaType\n    SPLIT_PATTERN = %r{\\s*[;,]\\s*}\n```\nThe above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split.\n\n### PoC\n\nA simple HTTP request with lots of blank characters in the content-type header:\n\n```ruby\nrequest[\"Content-Type\"] = (\" \" * 50_000) + \"a,\"\n```\n\n### Impact\n\nIt's a very easy to craft ReDoS. Like all ReDoS the impact is debatable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25126.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25126.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25126","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63937","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26146"},{"reference_url":"https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/"}],"url":"https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/"}],"url":"https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462"},{"reference_url":"https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/"}],"url":"https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/"}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25126","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25126"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0005","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240510-0005"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516","reference_id":"1064516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064516"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265593","reference_id":"2265593","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265593"},{"reference_url":"https://github.com/advisories/GHSA-22f2-v57c-j9cx","reference_id":"GHSA-22f2-v57c-j9cx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-22f2-v57c-j9cx"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0005/","reference_id":"ntap-20240510-0005","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T17:41:06Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240510-0005/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10806","reference_id":"RHSA-2024:10806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1841","reference_id":"RHSA-2024:1841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1846","reference_id":"RHSA-2024:1846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2007","reference_id":"RHSA-2024:2007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2113","reference_id":"RHSA-2024:2113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2581","reference_id":"RHSA-2024:2581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2584","reference_id":"RHSA-2024:2584","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2584"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2953","reference_id":"RHSA-2024:2953","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3431","reference_id":"RHSA-2024:3431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3431"},{"reference_url":"https://usn.ubuntu.com/6837-1/","reference_id":"USN-6837-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-1/"},{"reference_url":"https://usn.ubuntu.com/6837-2/","reference_id":"USN-6837-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-2/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26240?format=json","purl":"pkg:gem/rack@2.2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/26232?format=json","purl":"pkg:gem/rack@3.0.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1"}],"aliases":["CVE-2024-25126","GHSA-22f2-v57c-j9cx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xrut-zyv4-e3bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41217?format=json","vulnerability_id":"VCID-y4e1-mh3x-gkep","summary":"Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names\nA reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8184.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8184.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8184","reference_id":"","reference_type":"","scores":[{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74534","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8184"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8184","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8184"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8184.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8184.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak"},{"reference_url":"https://hackerone.com/reports/895727","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/895727"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8184","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8184"},{"reference_url":"https://usn.ubuntu.com/4561-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4561-1"},{"reference_url":"https://usn.ubuntu.com/4561-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4561-1/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849141","reference_id":"1849141","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849141"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963477","reference_id":"963477","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963477"},{"reference_url":"https://github.com/advisories/GHSA-j6w9-fv6q-3q52","reference_id":"GHSA-j6w9-fv6q-3q52","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j6w9-fv6q-3q52"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"},{"reference_url":"https://usn.ubuntu.com/4561-2/","reference_id":"USN-4561-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4561-2/"},{"reference_url":"https://usn.ubuntu.com/USN-5253-1/","reference_id":"USN-USN-5253-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5253-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74855?format=json","purl":"pkg:gem/rack@2.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-31yn-1jfq-z7am"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-h44h-uxra-83cs"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/74856?format=json","purl":"pkg:gem/rack@2.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-h44h-uxra-83cs"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.3"}],"aliases":["CVE-2020-8184","GHSA-j6w9-fv6q-3q52"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y4e1-mh3x-gkep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37498?format=json","vulnerability_id":"VCID-ya57-9vg9-xka9","summary":"Rack has possible DoS Vulnerability in Multipart MIME parsing\nThere is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530.\n\nVersions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3\n\n# Impact\nThe Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected.\n\nAll users running an affected release should either upgrade or use one of the workarounds immediately.\n\n# Workarounds\nA proxy can be configured to limit the POST body size which will mitigate this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27530.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27530.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27530","reference_id":"","reference_type":"","scores":[{"value":"0.01982","scoring_system":"epss","scoring_elements":"0.83865","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27530.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27530.yml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27530","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27530"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231208-0015","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231208-0015"},{"reference_url":"https://www.debian.org/security/2023/dsa-5530","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/"}],"url":"https://www.debian.org/security/2023/dsa-5530"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032803","reference_id":"1032803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032803"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2176477","reference_id":"2176477","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2176477"},{"reference_url":"https://github.com/advisories/GHSA-3h57-hmj3-gj3p","reference_id":"GHSA-3h57-hmj3-gj3p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3h57-hmj3-gj3p"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231208-0015/","reference_id":"ntap-20231208-0015","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:06Z/"}],"url":"https://security.netapp.com/advisory/ntap-20231208-0015/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1961","reference_id":"RHSA-2023:1961","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1981","reference_id":"RHSA-2023:1981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2652","reference_id":"RHSA-2023:2652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3082","reference_id":"RHSA-2023:3082","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3082"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3403","reference_id":"RHSA-2023:3403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"},{"reference_url":"https://usn.ubuntu.com/6837-1/","reference_id":"USN-6837-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-1/"},{"reference_url":"https://usn.ubuntu.com/6905-1/","reference_id":"USN-6905-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6905-1/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70448?format=json","purl":"pkg:gem/rack@2.0.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/70450?format=json","purl":"pkg:gem/rack@2.1.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/70452?format=json","purl":"pkg:gem/rack@2.2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/70454?format=json","purl":"pkg:gem/rack@3.0.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.2"}],"aliases":["CVE-2023-27530","GHSA-3h57-hmj3-gj3p","GMS-2023-663"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ya57-9vg9-xka9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36036?format=json","vulnerability_id":"VCID-zbqp-syvz-8bb5","summary":"Denial of service via multipart parsing in Rack\nThere is a denial of service vulnerability in the multipart parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44572.\n\nVersions Affected: >= 2.0.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.0.1\nImpact\n\nCarefully crafted input can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.\nReleases\n\nThe fixed releases are available at the normal locations.\nWorkarounds\n\nThere are no feasible workarounds for this issue.\nPatches\n\nTo aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n    2-0-Forbid-control-characters-in-attributes.patch - Patch for 2.0 series\n    2-1-Forbid-control-characters-in-attributes.patch - Patch for 2.1 series\n    2-2-Forbid-control-characters-in-attributes.patch - Patch for 2.2 series\n    3-0-Forbid-control-characters-in-attributes.patch - Patch for 3.0 series","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44572.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44572.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44572","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.4897","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/releases/tag/v3.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/releases/tag/v3.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44572.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44572.yml"},{"reference_url":"https://hackerone.com/reports/1639882","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1639882"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44572","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44572"},{"reference_url":"https://www.debian.org/security/2023/dsa-5530","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5530"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832","reference_id":"1029832","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164722","reference_id":"2164722","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164722"},{"reference_url":"https://github.com/advisories/GHSA-rqv2-275x-2jq5","reference_id":"GHSA-rqv2-275x-2jq5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rqv2-275x-2jq5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"},{"reference_url":"https://usn.ubuntu.com/5910-1/","reference_id":"USN-5910-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5910-1/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68400?format=json","purl":"pkg:gem/rack@2.0.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/68401?format=json","purl":"pkg:gem/rack@2.1.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/372178?format=json","purl":"pkg:gem/rack@2.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-h44h-uxra-83cs"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/68402?format=json","purl":"pkg:gem/rack@2.2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-h44h-uxra-83cs"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/68403?format=json","purl":"pkg:gem/rack@3.0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-3bh7-vrvj-p3g1"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-dchf-rhvg-zycw"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tzca-xm43-xugs"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-ya57-9vg9-xka9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1"}],"aliases":["CVE-2022-44572","GHSA-rqv2-275x-2jq5","GMS-2023-66"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zbqp-syvz-8bb5"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47012?format=json","vulnerability_id":"VCID-1av1-ssfc-8ffn","summary":"Moderate severity vulnerability that affects rack\nWithdrawn, accidental duplicate publish.\n\nlib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.","references":[{"reference_url":"https://github.com/advisories/GHSA-9vc2-p34x-jhxh","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9vc2-p34x-jhxh"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3225","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3225"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60539?format=json","purl":"pkg:gem/rack@1.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-31yn-1jfq-z7am"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mac4-2zg3-q3dg"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-y4e1-mh3x-gkep"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/60537?format=json","purl":"pkg:gem/rack@1.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-31yn-1jfq-z7am"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-h44h-uxra-83cs"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mac4-2zg3-q3dg"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-y4e1-mh3x-gkep"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/60538?format=json","purl":"pkg:gem/rack@1.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-31yn-1jfq-z7am"},{"vulnerability":"VCID-3c3t-sa76-j3bv"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-h44h-uxra-83cs"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mac4-2zg3-q3dg"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-y4e1-mh3x-gkep"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.2"}],"aliases":["GHSA-9vc2-p34x-jhxh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1av1-ssfc-8ffn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26965?format=json","vulnerability_id":"VCID-rg39-bur5-67e3","summary":"Rack vulnerable to Denial of Service via large parameter depth request\nlib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html"},{"reference_url":"http://openwall.com/lists/oss-security/2015/06/16/14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2015/06/16/14"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2290.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-2290.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3225.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3225.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3225","reference_id":"","reference_type":"","scores":[{"value":"0.13251","scoring_system":"epss","scoring_elements":"0.94266","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/blob/master/HISTORY.md","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/blob/master/HISTORY.md"},{"reference_url":"https://github.com/rack/rack/commits/1.4.6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rack/rack/commits/1.4.6"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3225","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3225"},{"reference_url":"http://www.debian.org/security/2015/dsa-3322","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3322"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232292","reference_id":"1232292","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232292"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789311","reference_id":"789311","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789311"},{"reference_url":"https://github.com/advisories/GHSA-rgr4-9jh5-j4j6","reference_id":"GHSA-rgr4-9jh5-j4j6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rgr4-9jh5-j4j6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2290","reference_id":"RHSA-2015:2290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2290"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60539?format=json","purl":"pkg:gem/rack@1.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-31yn-1jfq-z7am"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mac4-2zg3-q3dg"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-y4e1-mh3x-gkep"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/379978?format=json","purl":"pkg:gem/rack@1.5.0.beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-31yn-1jfq-z7am"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-64vt-66fw-53dk"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-a6k6-15zc-duaw"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mac4-2zg3-q3dg"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rg39-bur5-67e3"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-sfcw-t1ch-b7dr"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-y4e1-mh3x-gkep"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.0.beta.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60537?format=json","purl":"pkg:gem/rack@1.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-31yn-1jfq-z7am"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-h44h-uxra-83cs"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mac4-2zg3-q3dg"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-y4e1-mh3x-gkep"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/381714?format=json","purl":"pkg:gem/rack@1.6.0.beta","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-31yn-1jfq-z7am"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-h44h-uxra-83cs"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mac4-2zg3-q3dg"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rg39-bur5-67e3"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-y4e1-mh3x-gkep"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.0.beta"},{"url":"http://public2.vulnerablecode.io/api/packages/60538?format=json","purl":"pkg:gem/rack@1.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nzv-zger-fka9"},{"vulnerability":"VCID-1pt2-23bn-7qev"},{"vulnerability":"VCID-21pz-m7dy-8bey"},{"vulnerability":"VCID-2zdv-mr4w-zkfg"},{"vulnerability":"VCID-31yn-1jfq-z7am"},{"vulnerability":"VCID-3c3t-sa76-j3bv"},{"vulnerability":"VCID-4umy-say3-ruad"},{"vulnerability":"VCID-5kyg-kwck-akaf"},{"vulnerability":"VCID-5pry-5agj-tygz"},{"vulnerability":"VCID-6hht-91zy-fqdf"},{"vulnerability":"VCID-6t6w-vvzt-fqd9"},{"vulnerability":"VCID-7pey-8xge-1fbz"},{"vulnerability":"VCID-87hv-57m8-4qey"},{"vulnerability":"VCID-8kwp-wuv8-gqf8"},{"vulnerability":"VCID-8rbg-wrmj-1bcu"},{"vulnerability":"VCID-9dqs-zbmn-b7e4"},{"vulnerability":"VCID-dzhg-3hy9-w3gv"},{"vulnerability":"VCID-f5ev-kfux-n7hj"},{"vulnerability":"VCID-f6u2-fhux-43f3"},{"vulnerability":"VCID-h44h-uxra-83cs"},{"vulnerability":"VCID-j3e9-y38h-xbbu"},{"vulnerability":"VCID-juuh-9psh-yyar"},{"vulnerability":"VCID-k4w7-sm5v-yqgb"},{"vulnerability":"VCID-mac4-2zg3-q3dg"},{"vulnerability":"VCID-mftr-ma4j-mbhy"},{"vulnerability":"VCID-n3cc-pvr9-4bd5"},{"vulnerability":"VCID-nqds-u1fk-y7ch"},{"vulnerability":"VCID-rvwc-cy1n-yffg"},{"vulnerability":"VCID-tjh9-vfdw-7yen"},{"vulnerability":"VCID-v2nc-35z6-2kf6"},{"vulnerability":"VCID-vch5-2deq-euaq"},{"vulnerability":"VCID-xrut-zyv4-e3bf"},{"vulnerability":"VCID-y4e1-mh3x-gkep"},{"vulnerability":"VCID-ya57-9vg9-xka9"},{"vulnerability":"VCID-zbqp-syvz-8bb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.2"}],"aliases":["CVE-2015-3225","GHSA-rgr4-9jh5-j4j6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rg39-bur5-67e3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.2"}