{"url":"http://public2.vulnerablecode.io/api/packages/73750?format=json","purl":"pkg:gem/rack@1.3.7","type":"gem","namespace":"","name":"rack","version":"1.3.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22579?format=json","vulnerability_id":"VCID-13d1-uyw3-6bb6","summary":"Rack has a Directory Traversal via Rack:Directory\n`Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22860.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22860.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22860","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31145","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22860"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440737","reference_id":"2440737","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440737"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22860","reference_id":"CVE-2026-22860","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22860"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml","reference_id":"CVE-2026-22860.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml"},{"reference_url":"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh","reference_id":"GHSA-mxw3-3hh2-x2mh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh","reference_id":"GHSA-mxw3-3hh2-x2mh","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh"},{"reference_url":"https://usn.ubuntu.com/8066-1/","reference_id":"USN-8066-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8066-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72855?format=json","purl":"pkg:gem/rack@2.2.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.22"},{"url":"http://public2.vulnerablecode.io/api/packages/72856?format=json","purl":"pkg:gem/rack@3.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/72857?format=json","purl":"pkg:gem/rack@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.5"}],"aliases":["CVE-2026-22860","GHSA-mxw3-3hh2-x2mh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13d1-uyw3-6bb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16658?format=json","vulnerability_id":"VCID-3j7s-n3zh-yka7","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44572.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44572.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44572","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48978","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44572"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/releases/tag/v3.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/releases/tag/v3.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44572.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44572.yml"},{"reference_url":"https://hackerone.com/reports/1639882","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1639882"},{"reference_url":"https://www.debian.org/security/2023/dsa-5530","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5530"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164722","reference_id":"2164722","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164722"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44572","reference_id":"CVE-2022-44572","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44572"},{"reference_url":"https://github.com/advisories/GHSA-rqv2-275x-2jq5","reference_id":"GHSA-rqv2-275x-2jq5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rqv2-275x-2jq5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"},{"reference_url":"https://usn.ubuntu.com/5910-1/","reference_id":"USN-5910-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5910-1/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62427?format=json","purl":"pkg:gem/rack@2.0.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/62428?format=json","purl":"pkg:gem/rack@2.1.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/62719?format=json","purl":"pkg:gem/rack@2.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/62727?format=json","purl":"pkg:gem/rack@2.2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/62430?format=json","purl":"pkg:gem/rack@3.0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1"}],"aliases":["CVE-2022-44572","GHSA-rqv2-275x-2jq5","GMS-2023-66"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3j7s-n3zh-yka7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/141099?format=json","vulnerability_id":"VCID-5ut7-vqx4-kfag","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16782","reference_id":"","reference_type":"","scores":[{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.75906","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16782"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/12/18/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/12/18/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/12/18/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/12/18/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/12/19/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/12/19/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/04/08/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/04/08/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/04/09/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/04/09/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16782","reference_id":"CVE-2019-16782","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16782"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml","reference_id":"CVE-2019-16782.YML","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml"},{"reference_url":"https://github.com/advisories/GHSA-hrqr-hxpp-chr3","reference_id":"GHSA-hrqr-hxpp-chr3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hrqr-hxpp-chr3"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3","reference_id":"GHSA-hrqr-hxpp-chr3","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3"},{"reference_url":"https://usn.ubuntu.com/USN-5253-1/","reference_id":"USN-USN-5253-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5253-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/151694?format=json","purl":"pkg:gem/rack@2.0.0.alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.0.alpha"},{"url":"http://public2.vulnerablecode.io/api/packages/74488?format=json","purl":"pkg:gem/rack@1.6.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.12"},{"url":"http://public2.vulnerablecode.io/api/packages/74489?format=json","purl":"pkg:gem/rack@2.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.8"}],"aliases":["CVE-2019-16782","GHSA-hrqr-hxpp-chr3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ut7-vqx4-kfag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20365?format=json","vulnerability_id":"VCID-64cf-ysff-u7bt","summary":"Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\n`Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61771","reference_id":"","reference_type":"","scores":[{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.2865","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61771"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"},{"reference_url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"},{"reference_url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402175","reference_id":"2402175","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402175"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61771","reference_id":"CVE-2025-61771","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61771"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml","reference_id":"CVE-2025-61771.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml"},{"reference_url":"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw","reference_id":"GHSA-w9pc-fmgc-vxvw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw","reference_id":"GHSA-w9pc-fmgc-vxvw","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21696","reference_id":"RHSA-2025:21696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21696"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69552?format=json","purl":"pkg:gem/rack@2.2.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19"},{"url":"http://public2.vulnerablecode.io/api/packages/69553?format=json","purl":"pkg:gem/rack@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/69554?format=json","purl":"pkg:gem/rack@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2"}],"aliases":["CVE-2025-61771","GHSA-w9pc-fmgc-vxvw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64cf-ysff-u7bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10334?format=json","vulnerability_id":"VCID-6sw3-ggbt-sbfp","summary":"Symlink path traversal in Rack::File\nAffected versions allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"},{"reference_url":"http://rack.github.com/","reference_id":"","reference_type":"","scores":[],"url":"http://rack.github.com/"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0262","reference_id":"","reference_type":"","scores":[{"value":"0.01263","scoring_system":"epss","scoring_elements":"0.79752","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0262"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=909071","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909071"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=909072","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909072"},{"reference_url":"https://gist.github.com/rentzsch/4736940","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gist.github.com/rentzsch/4736940"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56"},{"reference_url":"https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0262","reference_id":"CVE-2013-0262","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0262"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml","reference_id":"CVE-2013-0262.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml"},{"reference_url":"https://github.com/advisories/GHSA-85r7-w5mv-c849","reference_id":"GHSA-85r7-w5mv-c849","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-85r7-w5mv-c849"},{"reference_url":"https://security.gentoo.org/glsa/201405-10","reference_id":"GLSA-201405-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86362?format=json","purl":"pkg:gem/rack@1.5.0.beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-6sw3-ggbt-sbfp"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b7n5-juw8-3ygj"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-w8jj-mq1q-gqhd"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.0.beta.1"},{"url":"http://public2.vulnerablecode.io/api/packages/50266?format=json","purl":"pkg:gem/rack@1.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/50267?format=json","purl":"pkg:gem/rack@1.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.2"}],"aliases":["CVE-2013-0262","GHSA-85r7-w5mv-c849","OSV-89938"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6sw3-ggbt-sbfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20375?format=json","vulnerability_id":"VCID-7jqg-1whb-4kdw","summary":"Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\n`Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61772","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55649","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61772"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"},{"reference_url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"},{"reference_url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402200","reference_id":"2402200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402200"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61772","reference_id":"CVE-2025-61772","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61772"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml","reference_id":"CVE-2025-61772.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml"},{"reference_url":"https://github.com/advisories/GHSA-wpv5-97wm-hp9c","reference_id":"GHSA-wpv5-97wm-hp9c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wpv5-97wm-hp9c"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c","reference_id":"GHSA-wpv5-97wm-hp9c","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19733","reference_id":"RHSA-2025:19733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19736","reference_id":"RHSA-2025:19736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69552?format=json","purl":"pkg:gem/rack@2.2.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19"},{"url":"http://public2.vulnerablecode.io/api/packages/69553?format=json","purl":"pkg:gem/rack@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/69554?format=json","purl":"pkg:gem/rack@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2"}],"aliases":["CVE-2025-61772","GHSA-wpv5-97wm-hp9c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7jqg-1whb-4kdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20376?format=json","vulnerability_id":"VCID-8txn-z2vt-7kex","summary":"Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)\n`Rack::Multipart::Parser` buffers the entire multipart **preamble** (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61770","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50221","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61770"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"},{"reference_url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"},{"reference_url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402174","reference_id":"2402174","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402174"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61770","reference_id":"CVE-2025-61770","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61770"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml","reference_id":"CVE-2025-61770.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml"},{"reference_url":"https://github.com/advisories/GHSA-p543-xpfm-54cp","reference_id":"GHSA-p543-xpfm-54cp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p543-xpfm-54cp"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp","reference_id":"GHSA-p543-xpfm-54cp","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19733","reference_id":"RHSA-2025:19733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19736","reference_id":"RHSA-2025:19736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21696","reference_id":"RHSA-2025:21696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21696"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69552?format=json","purl":"pkg:gem/rack@2.2.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.19"},{"url":"http://public2.vulnerablecode.io/api/packages/69553?format=json","purl":"pkg:gem/rack@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/69554?format=json","purl":"pkg:gem/rack@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.2"}],"aliases":["CVE-2025-61770","GHSA-p543-xpfm-54cp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8txn-z2vt-7kex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10352?format=json","vulnerability_id":"VCID-9bdj-3uav-5ug1","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nmultipart/parser.rb in Rack allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"},{"reference_url":"http://rack.github.com","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rack.github.com"},{"reference_url":"http://rack.github.com/","reference_id":"","reference_type":"","scores":[],"url":"http://rack.github.com/"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0544.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0544.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0548.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0548.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0544","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0544"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0183","reference_id":"","reference_type":"","scores":[{"value":"0.01824","scoring_system":"epss","scoring_elements":"0.83204","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0183"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=895282","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=895282"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff"},{"reference_url":"https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18"},{"reference_url":"https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs"},{"reference_url":"https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI"},{"reference_url":"https://groups.google.com/forum/#!topic/rack-devel/7ZKPNAjgRSs","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rack-devel/7ZKPNAjgRSs"},{"reference_url":"https://groups.google.com/forum/#!topic/rack-devel/-MWPHDeGWtI","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rack-devel/-MWPHDeGWtI"},{"reference_url":"http://www.debian.org/security/2013/dsa-2783","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2783"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-0183","reference_id":"CVE-2013-0183","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-0183"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0183","reference_id":"CVE-2013-0183","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0183"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0183.yml","reference_id":"CVE-2013-0183.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0183.yml"},{"reference_url":"https://github.com/advisories/GHSA-3pxh-h8hw-mj8w","reference_id":"GHSA-3pxh-h8hw-mj8w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3pxh-h8hw-mj8w"},{"reference_url":"https://security.gentoo.org/glsa/201405-10","reference_id":"GLSA-201405-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73745?format=json","purl":"pkg:gem/rack@1.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-6sw3-ggbt-sbfp"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9bdj-3uav-5ug1"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b7n5-juw8-3ygj"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-vhcq-vn9g-gqam"},{"vulnerability":"VCID-w8jj-mq1q-gqhd"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/50310?format=json","purl":"pkg:gem/rack@1.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-6sw3-ggbt-sbfp"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b7n5-juw8-3ygj"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-w8jj-mq1q-gqhd"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.3"}],"aliases":["CVE-2013-0183","GHSA-3pxh-h8hw-mj8w","OSV-89320"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9bdj-3uav-5ug1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/302551?format=json","vulnerability_id":"VCID-9qjs-6tck-47bh","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49007.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49007","reference_id":"","reference_type":"","scores":[{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68878","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49007"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f"},{"reference_url":"https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49007","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49007"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370346","reference_id":"2370346","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370346"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/166065?format=json","purl":"pkg:gem/rack@3.1.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.16"}],"aliases":["CVE-2025-49007","GHSA-47m2-26rw-j2jw"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9qjs-6tck-47bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10351?format=json","vulnerability_id":"VCID-b7n5-juw8-3ygj","summary":"Uncontrolled Resource Consumption\nUnspecified vulnerability in Rack::Auth::AbstractRequest in Rack  allows remote attackers to cause a denial of service via unknown vectors related to \"symbolized arbitrary strings.\"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0544.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0544.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0548.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0548.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0544","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0548","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0548"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0184","reference_id":"","reference_type":"","scores":[{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71859","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0184"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=895384","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=895384"},{"reference_url":"https://github.com/rack/rack/commit/1f61549529d07abd4aa512b8320ab0e97dcacc5d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rack/rack/commit/1f61549529d07abd4aa512b8320ab0e97dcacc5d"},{"reference_url":"http://www.debian.org/security/2013/dsa-2783","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2783"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-0184","reference_id":"CVE-2013-0184","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2013-0184"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0184","reference_id":"CVE-2013-0184","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0184"},{"reference_url":"https://github.com/advisories/GHSA-v882-ccj6-jc48","reference_id":"GHSA-v882-ccj6-jc48","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v882-ccj6-jc48"},{"reference_url":"https://security.gentoo.org/glsa/201405-10","reference_id":"GLSA-201405-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86362?format=json","purl":"pkg:gem/rack@1.5.0.beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-6sw3-ggbt-sbfp"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b7n5-juw8-3ygj"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-w8jj-mq1q-gqhd"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.0.beta.1"},{"url":"http://public2.vulnerablecode.io/api/packages/76771?format=json","purl":"pkg:gem/rack@1.3.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-6sw3-ggbt-sbfp"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9bdj-3uav-5ug1"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b7n5-juw8-3ygj"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-vhcq-vn9g-gqam"},{"vulnerability":"VCID-w8jj-mq1q-gqhd"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.9"},{"url":"http://public2.vulnerablecode.io/api/packages/50311?format=json","purl":"pkg:gem/rack@1.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-6sw3-ggbt-sbfp"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-w8jj-mq1q-gqhd"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.4"}],"aliases":["CVE-2013-0184","GHSA-v882-ccj6-jc48","OSV-89327"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b7n5-juw8-3ygj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/289873?format=json","vulnerability_id":"VCID-b83y-urzk-jqey","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27111.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27111","reference_id":"","reference_type":"","scores":[{"value":"0.00865","scoring_system":"epss","scoring_elements":"0.75436","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27111"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53"},{"reference_url":"https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b"},{"reference_url":"https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27111","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27111"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2349810","reference_id":"2349810","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2349810"},{"reference_url":"https://usn.ubuntu.com/7366-1/","reference_id":"USN-7366-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7366-1/"},{"reference_url":"https://usn.ubuntu.com/7366-2/","reference_id":"USN-7366-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7366-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/166048?format=json","purl":"pkg:gem/rack@2.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/166054?format=json","purl":"pkg:gem/rack@3.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/166060?format=json","purl":"pkg:gem/rack@3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.11"}],"aliases":["CVE-2025-27111","GHSA-8cgq-6mh2-7j6v"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b83y-urzk-jqey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10698?format=json","vulnerability_id":"VCID-cmq3-1jzb-1fae","summary":"Potential Denial of Service Vulnerability\nCarefully crafted requests can cause a `SystemStackError` and potentially cause a denial of service attack.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html"},{"reference_url":"http://openwall.com/lists/oss-security/2015/06/16/14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2015/06/16/14"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2290.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-2290.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3225","reference_id":"","reference_type":"","scores":[{"value":"0.13251","scoring_system":"epss","scoring_elements":"0.94269","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/blob/master/HISTORY.md","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/blob/master/HISTORY.md"},{"reference_url":"https://github.com/rack/rack/commits/1.4.6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rack/rack/commits/1.4.6"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc"},{"reference_url":"http://www.debian.org/security/2015/dsa-3322","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3322"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3225","reference_id":"CVE-2015-3225","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3225"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml","reference_id":"CVE-2015-3225.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml"},{"reference_url":"https://github.com/advisories/GHSA-rgr4-9jh5-j4j6","reference_id":"GHSA-rgr4-9jh5-j4j6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rgr4-9jh5-j4j6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86362?format=json","purl":"pkg:gem/rack@1.5.0.beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-6sw3-ggbt-sbfp"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b7n5-juw8-3ygj"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-w8jj-mq1q-gqhd"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.0.beta.1"},{"url":"http://public2.vulnerablecode.io/api/packages/92660?format=json","purl":"pkg:gem/rack@1.6.0.beta","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.0.beta"},{"url":"http://public2.vulnerablecode.io/api/packages/51262?format=json","purl":"pkg:gem/rack@1.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/51263?format=json","purl":"pkg:gem/rack@1.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/51264?format=json","purl":"pkg:gem/rack@1.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-v4fe-p2td-37hq"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.2"}],"aliases":["CVE-2015-3225","GHSA-rgr4-9jh5-j4j6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cmq3-1jzb-1fae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19571?format=json","vulnerability_id":"VCID-dsxp-jp3h-g3br","summary":"Rack has possible DoS Vulnerability with Range Header\n# Possible DoS Vulnerability with Range Header in Rack\n\nThere is a possible DoS vulnerability relating to the Range request header in\nRack.  This vulnerability has been assigned the CVE identifier CVE-2024-26141.\n\nVersions Affected:  >= 1.3.0.\nNot affected:       < 1.3.0\nFixed Versions:     3.0.9.1, 2.2.8.1\n\nImpact\n------\nCarefully crafted Range headers can cause a server to respond with an\nunexpectedly large response. Responding with such large responses could lead\nto a denial of service issue.\n\nVulnerable applications will use the `Rack::File` middleware or the\n`Rack::Utils.byte_ranges` methods (this includes Rails applications).\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 3-0-range.patch - Patch for 3.0 series\n* 2-2-range.patch - Patch for 2.2 series\n\nCredits\n-------\n\nThank you [ooooooo_q](https://hackerone.com/ooooooo_q) for the report and\npatch","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26141.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26141.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26141","reference_id":"","reference_type":"","scores":[{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.6162","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26141"},{"reference_url":"https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9"},{"reference_url":"https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265594","reference_id":"2265594","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265594"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26141","reference_id":"CVE-2024-26141","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26141"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml","reference_id":"CVE-2024-26141.YML","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml"},{"reference_url":"https://github.com/advisories/GHSA-xj5v-6v4g-jfw6","reference_id":"GHSA-xj5v-6v4g-jfw6","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xj5v-6v4g-jfw6"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6","reference_id":"GHSA-xj5v-6v4g-jfw6","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10806","reference_id":"RHSA-2024:10806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1841","reference_id":"RHSA-2024:1841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1846","reference_id":"RHSA-2024:1846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2007","reference_id":"RHSA-2024:2007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2113","reference_id":"RHSA-2024:2113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2581","reference_id":"RHSA-2024:2581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2584","reference_id":"RHSA-2024:2584","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2584"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2953","reference_id":"RHSA-2024:2953","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3431","reference_id":"RHSA-2024:3431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3431"},{"reference_url":"https://usn.ubuntu.com/6689-1/","reference_id":"USN-6689-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6689-1/"},{"reference_url":"https://usn.ubuntu.com/6837-1/","reference_id":"USN-6837-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-1/"},{"reference_url":"https://usn.ubuntu.com/6837-2/","reference_id":"USN-6837-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-2/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67996?format=json","purl":"pkg:gem/rack@2.2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/67995?format=json","purl":"pkg:gem/rack@3.0.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1"}],"aliases":["CVE-2024-26141","GHSA-xj5v-6v4g-jfw6"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dsxp-jp3h-g3br"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20294?format=json","vulnerability_id":"VCID-e3dc-w7sc-9kaj","summary":"Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters\n`Rack::QueryParser` in version `< 2.2.18` enforces its `params_limit` only for parameters separated by `&`, while still splitting on both `&` and `;`. As a result, attackers could use `;` separators to bypass the parameter count limit and submit more parameters than intended.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59830.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59830.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59830","reference_id":"","reference_type":"","scores":[{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31744","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59830"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398167","reference_id":"2398167","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398167"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59830","reference_id":"CVE-2025-59830","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59830"},{"reference_url":"https://github.com/advisories/GHSA-625h-95r8-8xpm","reference_id":"GHSA-625h-95r8-8xpm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-625h-95r8-8xpm"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm","reference_id":"GHSA-625h-95r8-8xpm","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19733","reference_id":"RHSA-2025:19733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19736","reference_id":"RHSA-2025:19736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19832","reference_id":"RHSA-2025:19832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19855","reference_id":"RHSA-2025:19855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19856","reference_id":"RHSA-2025:19856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://usn.ubuntu.com/7784-1/","reference_id":"USN-7784-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7784-1/"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69448?format=json","purl":"pkg:gem/rack@2.2.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.18"},{"url":"http://public2.vulnerablecode.io/api/packages/72853?format=json","purl":"pkg:gem/rack@3.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-fumx-t77w-jyhj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"},{"vulnerability":"VCID-z8ee-twnu-9yc9"},{"vulnerability":"VCID-zfk1-4k4w-1ycp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.beta1"}],"aliases":["CVE-2025-59830","GHSA-625h-95r8-8xpm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e3dc-w7sc-9kaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259303?format=json","vulnerability_id":"VCID-kake-zbut-cqdk","summary":"","references":[{"reference_url":"https://advisory.dw1.io/61","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://advisory.dw1.io/61"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39316","reference_id":"","reference_type":"","scores":[{"value":"0.00833","scoring_system":"epss","scoring_elements":"0.74907","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/412c980450ca729ee37f90a2661f166a9665e058","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/412c980450ca729ee37f90a2661f166a9665e058"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39316","reference_id":"CVE-2024-39316","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39316"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-39316.yml","reference_id":"CVE-2024-39316.YML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-39316.yml"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f","reference_id":"GHSA-54rr-7fvw-6x8f","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f"},{"reference_url":"https://github.com/advisories/GHSA-cj83-2ww7-mvq7","reference_id":"GHSA-cj83-2ww7-mvq7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cj83-2ww7-mvq7"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7","reference_id":"GHSA-cj83-2ww7-mvq7","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81941?format=json","purl":"pkg:gem/rack@3.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.5"}],"aliases":["CVE-2024-39316","GHSA-cj83-2ww7-mvq7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kake-zbut-cqdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20417?format=json","vulnerability_id":"VCID-kjyv-r8rk-rqd3","summary":"Rack has a Possible Information Disclosure Vulnerability\nA possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially crafted headers could cause `Rack::Sendfile` to miscommunicate with the proxy and trigger unintended internal requests, potentially bypassing proxy-level access restrictions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61780.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61780","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01464","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784"},{"reference_url":"https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a"},{"reference_url":"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403126","reference_id":"2403126","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403126"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61780","reference_id":"CVE-2025-61780","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61780"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml","reference_id":"CVE-2025-61780.YML","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml"},{"reference_url":"https://github.com/advisories/GHSA-r657-rxjc-j557","reference_id":"GHSA-r657-rxjc-j557","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r657-rxjc-j557"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557","reference_id":"GHSA-r657-rxjc-j557","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69613?format=json","purl":"pkg:gem/rack@2.2.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.20"},{"url":"http://public2.vulnerablecode.io/api/packages/69614?format=json","purl":"pkg:gem/rack@3.1.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.18"},{"url":"http://public2.vulnerablecode.io/api/packages/69615?format=json","purl":"pkg:gem/rack@3.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.3"}],"aliases":["CVE-2025-61780","GHSA-r657-rxjc-j557"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjyv-r8rk-rqd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17094?format=json","vulnerability_id":"VCID-peyq-bpa7-zkaj","summary":"Possible Denial of Service Vulnerability in Rack’s header parsing\nThere is a denial of service vulnerability in the header parsing component of Rack. Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted. Workarounds Setting `Regexp.timeout` in Ruby 3.2 is a possible workaround.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27539.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27539.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27539","reference_id":"","reference_type":"","scores":[{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58732","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27539"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c"},{"reference_url":"https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231208-0016","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231208-0016"},{"reference_url":"https://www.debian.org/security/2023/dsa-5530","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5530"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179649","reference_id":"2179649","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179649"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27539","reference_id":"CVE-2023-27539","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27539"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml","reference_id":"CVE-2023-27539.YML","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml"},{"reference_url":"https://github.com/advisories/GHSA-c6qg-cjj8-47qp","reference_id":"GHSA-c6qg-cjj8-47qp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c6qg-cjj8-47qp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1953","reference_id":"RHSA-2023:1953","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1961","reference_id":"RHSA-2023:1961","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1981","reference_id":"RHSA-2023:1981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2652","reference_id":"RHSA-2023:2652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3082","reference_id":"RHSA-2023:3082","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3082"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3403","reference_id":"RHSA-2023:3403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3495","reference_id":"RHSA-2023:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"},{"reference_url":"https://usn.ubuntu.com/6689-1/","reference_id":"USN-6689-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6689-1/"},{"reference_url":"https://usn.ubuntu.com/6905-1/","reference_id":"USN-6905-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6905-1/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63147?format=json","purl":"pkg:gem/rack@2.2.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/63148?format=json","purl":"pkg:gem/rack@3.0.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.6.1"}],"aliases":["CVE-2023-27539","GHSA-c6qg-cjj8-47qp","GMS-2023-769"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-peyq-bpa7-zkaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20413?format=json","vulnerability_id":"VCID-q17h-k4dc-rka5","summary":"Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing\n`Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61919","reference_id":"","reference_type":"","scores":[{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51775","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61919"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881"},{"reference_url":"https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db"},{"reference_url":"https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403180","reference_id":"2403180","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403180"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61919","reference_id":"CVE-2025-61919","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61919"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml","reference_id":"CVE-2025-61919.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml"},{"reference_url":"https://github.com/advisories/GHSA-6xw4-3v39-52mm","reference_id":"GHSA-6xw4-3v39-52mm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xw4-3v39-52mm"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm","reference_id":"GHSA-6xw4-3v39-52mm","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19733","reference_id":"RHSA-2025:19733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19736","reference_id":"RHSA-2025:19736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19832","reference_id":"RHSA-2025:19832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19855","reference_id":"RHSA-2025:19855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19856","reference_id":"RHSA-2025:19856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21696","reference_id":"RHSA-2025:21696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21696"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69613?format=json","purl":"pkg:gem/rack@2.2.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.20"},{"url":"http://public2.vulnerablecode.io/api/packages/69614?format=json","purl":"pkg:gem/rack@3.1.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.18"},{"url":"http://public2.vulnerablecode.io/api/packages/69615?format=json","purl":"pkg:gem/rack@3.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.3"}],"aliases":["CVE-2025-61919","GHSA-6xw4-3v39-52mm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q17h-k4dc-rka5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19566?format=json","vulnerability_id":"VCID-qntj-y8n6-buh7","summary":"Rack Header Parsing leads to Possible Denial of Service Vulnerability\n# Possible Denial of Service Vulnerability in Rack Header Parsing\n\nThere is a possible denial of service vulnerability in the header parsing\nroutines in Rack.  This vulnerability has been assigned the CVE identifier\nCVE-2024-26146.\n\nVersions Affected:  All.\nNot affected:       None\nFixed Versions:     2.0.9.4, 2.1.4.4, 2.2.8.1, 3.0.9.1\n\nImpact\n------\nCarefully crafted headers can cause header parsing in Rack to take longer than\nexpected resulting in a possible denial of service issue. Accept and Forwarded\nheaders are impacted.\n\nRuby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2\nor newer are unaffected.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 2-0-header-redos.patch - Patch for 2.0 series\n* 2-1-header-redos.patch - Patch for 2.1 series\n* 2-2-header-redos.patch - Patch for 2.2 series\n* 3-0-header-redos.patch - Patch for 3.0 series\n\nCredits\n-------\n\nThanks to [svalkanov](https://hackerone.com/svalkanov) for reporting this and\nproviding patches!","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26146.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26146.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26146","reference_id":"","reference_type":"","scores":[{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.73912","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26146"},{"reference_url":"https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716"},{"reference_url":"https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582"},{"reference_url":"https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f"},{"reference_url":"https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265595","reference_id":"2265595","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265595"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26146","reference_id":"CVE-2024-26146","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26146"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml","reference_id":"CVE-2024-26146.YML","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml"},{"reference_url":"https://github.com/advisories/GHSA-54rr-7fvw-6x8f","reference_id":"GHSA-54rr-7fvw-6x8f","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-54rr-7fvw-6x8f"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f","reference_id":"GHSA-54rr-7fvw-6x8f","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10806","reference_id":"RHSA-2024:10806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1841","reference_id":"RHSA-2024:1841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1846","reference_id":"RHSA-2024:1846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2007","reference_id":"RHSA-2024:2007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2113","reference_id":"RHSA-2024:2113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2581","reference_id":"RHSA-2024:2581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2584","reference_id":"RHSA-2024:2584","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2584"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2953","reference_id":"RHSA-2024:2953","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3431","reference_id":"RHSA-2024:3431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3431"},{"reference_url":"https://usn.ubuntu.com/6689-1/","reference_id":"USN-6689-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6689-1/"},{"reference_url":"https://usn.ubuntu.com/6837-1/","reference_id":"USN-6837-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-1/"},{"reference_url":"https://usn.ubuntu.com/6837-2/","reference_id":"USN-6837-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6837-2/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67998?format=json","purl":"pkg:gem/rack@2.0.9.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.4"},{"url":"http://public2.vulnerablecode.io/api/packages/67997?format=json","purl":"pkg:gem/rack@2.1.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/67996?format=json","purl":"pkg:gem/rack@2.2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/67995?format=json","purl":"pkg:gem/rack@3.0.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.9.1"}],"aliases":["CVE-2024-26146","GHSA-54rr-7fvw-6x8f"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qntj-y8n6-buh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10349?format=json","vulnerability_id":"VCID-vhcq-vn9g-gqam","summary":"Uncontrolled Resource Consumption\nlib/rack/multipart.rb in Rack  uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.","references":[{"reference_url":"http://rack.github.com/","reference_id":"","reference_type":"","scores":[],"url":"http://rack.github.com/"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0544.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0544.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0548.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0548.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0544","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0544"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6109","reference_id":"","reference_type":"","scores":[{"value":"0.00828","scoring_system":"epss","scoring_elements":"0.74818","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6109"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=895277","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=895277"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/blob/master/README.rdoc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/blob/master/README.rdoc"},{"reference_url":"https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5"},{"reference_url":"https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2013-0544.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2013-0544.html"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2012-6109","reference_id":"CVE-2012-6109","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2012-6109"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6109","reference_id":"CVE-2012-6109","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6109"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2012-6109.yml","reference_id":"CVE-2012-6109.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2012-6109.yml"},{"reference_url":"https://github.com/advisories/GHSA-h77x-m5q8-c29h","reference_id":"GHSA-h77x-m5q8-c29h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h77x-m5q8-c29h"},{"reference_url":"https://security.gentoo.org/glsa/201405-10","reference_id":"GLSA-201405-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50306?format=json","purl":"pkg:gem/rack@1.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-6sw3-ggbt-sbfp"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9bdj-3uav-5ug1"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b7n5-juw8-3ygj"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-w8jj-mq1q-gqhd"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.2"}],"aliases":["CVE-2012-6109","GHSA-h77x-m5q8-c29h","OSV-89317"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vhcq-vn9g-gqam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10333?format=json","vulnerability_id":"VCID-w8jj-mq1q-gqhd","summary":"Timing attack against Rack::Session::Cookie\nAffected versions allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving am HMAC comparison function that does not run in constant time.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"},{"reference_url":"http://rack.github.com/","reference_id":"","reference_type":"","scores":[],"url":"http://rack.github.com/"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0686.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0686.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0263","reference_id":"","reference_type":"","scores":[{"value":"0.16071","scoring_system":"epss","scoring_elements":"0.94898","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0263"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=909071","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909071"},{"reference_url":"https://gist.github.com/codahale/f9f3781f7b54985bee94","reference_id":"","reference_type":"","scores":[],"url":"https://gist.github.com/codahale/f9f3781f7b54985bee94"},{"reference_url":"https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07"},{"reference_url":"https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11"},{"reference_url":"https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ"},{"reference_url":"http://www.debian.org/security/2013/dsa-2783","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2783"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0263","reference_id":"CVE-2013-0263","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0263"},{"reference_url":"https://github.com/advisories/GHSA-xc85-32mf-xpv8","reference_id":"GHSA-xc85-32mf-xpv8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xc85-32mf-xpv8"},{"reference_url":"https://security.gentoo.org/glsa/201405-10","reference_id":"GLSA-201405-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86362?format=json","purl":"pkg:gem/rack@1.5.0.beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-6sw3-ggbt-sbfp"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b7n5-juw8-3ygj"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-w8jj-mq1q-gqhd"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.0.beta.1"},{"url":"http://public2.vulnerablecode.io/api/packages/50265?format=json","purl":"pkg:gem/rack@1.3.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9bdj-3uav-5ug1"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b7n5-juw8-3ygj"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-vhcq-vn9g-gqam"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.10"},{"url":"http://public2.vulnerablecode.io/api/packages/50266?format=json","purl":"pkg:gem/rack@1.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/50267?format=json","purl":"pkg:gem/rack@1.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.2"}],"aliases":["CVE-2013-0263","GHSA-xc85-32mf-xpv8","OSV-89939"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w8jj-mq1q-gqhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16650?format=json","vulnerability_id":"VCID-wdtk-9kx3-27eg","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44571.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44571.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44571","reference_id":"","reference_type":"","scores":[{"value":"0.02825","scoring_system":"epss","scoring_elements":"0.86421","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44571"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/releases/tag/v3.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/releases/tag/v3.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44571.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44571.yml"},{"reference_url":"https://www.debian.org/security/2023/dsa-5530","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5530"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164714","reference_id":"2164714","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164714"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44571","reference_id":"CVE-2022-44571","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44571"},{"reference_url":"https://github.com/advisories/GHSA-93pm-5p5f-3ghx","reference_id":"GHSA-93pm-5p5f-3ghx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-93pm-5p5f-3ghx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"},{"reference_url":"https://usn.ubuntu.com/5910-1/","reference_id":"USN-5910-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5910-1/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62427?format=json","purl":"pkg:gem/rack@2.0.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/62428?format=json","purl":"pkg:gem/rack@2.1.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/62727?format=json","purl":"pkg:gem/rack@2.2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/62430?format=json","purl":"pkg:gem/rack@3.0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1"}],"aliases":["CVE-2022-44571","GHSA-93pm-5p5f-3ghx","GMS-2023-65"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdtk-9kx3-27eg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22565?format=json","vulnerability_id":"VCID-xz8w-wefz-bffs","summary":"Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href\n`Rack::Directory` generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename begins with the `javascript:` scheme (e.g. `javascript:alert(1)`), the generated index includes an anchor whose `href` attribute is exactly `javascript:alert(1)`. Clicking this entry executes arbitrary JavaScript in the context of the hosting application.\n\nThis results in a client-side XSS condition in directory listings generated by `Rack::Directory`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25500.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25500.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25500","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07548","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25500"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440738","reference_id":"2440738","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440738"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25500","reference_id":"CVE-2026-25500","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25500"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml","reference_id":"CVE-2026-25500.YML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml"},{"reference_url":"https://github.com/advisories/GHSA-whrj-4476-wvmp","reference_id":"GHSA-whrj-4476-wvmp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-whrj-4476-wvmp"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp","reference_id":"GHSA-whrj-4476-wvmp","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp"},{"reference_url":"https://usn.ubuntu.com/8066-1/","reference_id":"USN-8066-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8066-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72855?format=json","purl":"pkg:gem/rack@2.2.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.22"},{"url":"http://public2.vulnerablecode.io/api/packages/72856?format=json","purl":"pkg:gem/rack@3.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/72857?format=json","purl":"pkg:gem/rack@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.2.5"}],"aliases":["CVE-2026-25500","GHSA-whrj-4476-wvmp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xz8w-wefz-bffs"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10349?format=json","vulnerability_id":"VCID-vhcq-vn9g-gqam","summary":"Uncontrolled Resource Consumption\nlib/rack/multipart.rb in Rack  uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.","references":[{"reference_url":"http://rack.github.com/","reference_id":"","reference_type":"","scores":[],"url":"http://rack.github.com/"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0544.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0544.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0548.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0548.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0544","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0544"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6109","reference_id":"","reference_type":"","scores":[{"value":"0.00828","scoring_system":"epss","scoring_elements":"0.74818","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6109"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=895277","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=895277"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/blob/master/README.rdoc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/blob/master/README.rdoc"},{"reference_url":"https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5"},{"reference_url":"https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2013-0544.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2013-0544.html"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2012-6109","reference_id":"CVE-2012-6109","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2012-6109"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6109","reference_id":"CVE-2012-6109","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6109"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2012-6109.yml","reference_id":"CVE-2012-6109.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2012-6109.yml"},{"reference_url":"https://github.com/advisories/GHSA-h77x-m5q8-c29h","reference_id":"GHSA-h77x-m5q8-c29h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h77x-m5q8-c29h"},{"reference_url":"https://security.gentoo.org/glsa/201405-10","reference_id":"GLSA-201405-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73742?format=json","purl":"pkg:gem/rack@1.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-6sw3-ggbt-sbfp"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b7n5-juw8-3ygj"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-vhcq-vn9g-gqam"},{"vulnerability":"VCID-w8jj-mq1q-gqhd"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/73743?format=json","purl":"pkg:gem/rack@1.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-6sw3-ggbt-sbfp"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b7n5-juw8-3ygj"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-vhcq-vn9g-gqam"},{"vulnerability":"VCID-w8jj-mq1q-gqhd"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/50117?format=json","purl":"pkg:gem/rack@1.3.0.beta","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-6sw3-ggbt-sbfp"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9bdj-3uav-5ug1"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b7n5-juw8-3ygj"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-d9s8-qxn1-eycz"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-vhcq-vn9g-gqam"},{"vulnerability":"VCID-w8jj-mq1q-gqhd"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.0.beta"},{"url":"http://public2.vulnerablecode.io/api/packages/73750?format=json","purl":"pkg:gem/rack@1.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-6sw3-ggbt-sbfp"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9bdj-3uav-5ug1"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b7n5-juw8-3ygj"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-vhcq-vn9g-gqam"},{"vulnerability":"VCID-w8jj-mq1q-gqhd"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/50306?format=json","purl":"pkg:gem/rack@1.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13d1-uyw3-6bb6"},{"vulnerability":"VCID-3j7s-n3zh-yka7"},{"vulnerability":"VCID-5ut7-vqx4-kfag"},{"vulnerability":"VCID-64cf-ysff-u7bt"},{"vulnerability":"VCID-6sw3-ggbt-sbfp"},{"vulnerability":"VCID-7jqg-1whb-4kdw"},{"vulnerability":"VCID-8txn-z2vt-7kex"},{"vulnerability":"VCID-9bdj-3uav-5ug1"},{"vulnerability":"VCID-9qjs-6tck-47bh"},{"vulnerability":"VCID-b7n5-juw8-3ygj"},{"vulnerability":"VCID-b83y-urzk-jqey"},{"vulnerability":"VCID-cmq3-1jzb-1fae"},{"vulnerability":"VCID-dsxp-jp3h-g3br"},{"vulnerability":"VCID-e3dc-w7sc-9kaj"},{"vulnerability":"VCID-kake-zbut-cqdk"},{"vulnerability":"VCID-kjyv-r8rk-rqd3"},{"vulnerability":"VCID-peyq-bpa7-zkaj"},{"vulnerability":"VCID-q17h-k4dc-rka5"},{"vulnerability":"VCID-qntj-y8n6-buh7"},{"vulnerability":"VCID-w8jj-mq1q-gqhd"},{"vulnerability":"VCID-wdtk-9kx3-27eg"},{"vulnerability":"VCID-xz8w-wefz-bffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.4.2"}],"aliases":["CVE-2012-6109","GHSA-h77x-m5q8-c29h","OSV-89317"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vhcq-vn9g-gqam"}],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.3.7"}