{"url":"http://public2.vulnerablecode.io/api/packages/75648?format=json","purl":"pkg:gem/rack@2.2","type":"gem","namespace":"","name":"rack","version":"2.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.2.23","latest_non_vulnerable_version":"3.2.6","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51537?format=json","vulnerability_id":"VCID-a8x9-j9b3-jycb","summary":"Denial of Service Vulnerability in Rack Multipart Parsing\nThere is a possible denial of service vulnerability in the multipart parsing\ncomponent of Rack.  This vulnerability has been assigned the CVE identifier\nCVE-2022-30122.\n\nVersions Affected:  >= 1.2\nNot affected:       < 1.2\nFixed Versions:     2.0.9.1, 2.1.4.1, 2.2.3.1\n\n## Impact\nCarefully crafted multipart POST requests can cause Rack's multipart parser to\ntake much longer than expected, leading to a possible denial of service\nvulnerability.\n\nImpacted code will use Rack's multipart parser to parse multipart posts.  
This\nincludes directly using the multipart parser like this:\n\n```\nparams = Rack::Multipart.parse_multipart(env)\n```\n\nBut it also includes reading POST data from a Rack request object like this:\n\n```\np request.POST # read POST data\np request.params # reads both query params and POST data\n```\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\n## Workarounds\nThere are no feasible workarounds for this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30122.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30122.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30122","reference_id":"","reference_type":"","scores":[{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77829","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77801","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77835","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77834","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77816","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77826","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123","reference_id":"","reference_type":"",
"scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-13T16:09:46Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/ya
ml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30122","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30122"},{"reference_url":"https://security.gentoo.org/glsa/202310-18","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-13T16:09:46Z/"}],"url":
"https://security.gentoo.org/glsa/202310-18"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231208-0012","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231208-0012"},{"reference_url":"https://www.debian.org/security/2023/dsa-5530","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-13T16:09:46Z/"}],"url":"https://www.debian.org/security/2023/dsa-5530"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2099519","reference_id":"2099519","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2099519"},{"reference_url":"https://github.com/advisories/GHSA-hxqx-xwvh-44m2","reference_id":"GHSA-hxqx-xwvh-44m2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hxqx-xwvh-44m2"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231208-0012/","reference_id":"ntap-20231208-0012","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-13T16:09:46Z/"}],"url":"https://security.netapp.com/advisory/ntap-20231208-0012/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7242","reference_id":"RHSA-2022:7242","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7242"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1486","reference_id":"RHSA-2023:1486","reference_type":"","scores":[],"url"
:"https://access.redhat.com/errata/RHSA-2023:1486"},{"reference_url":"https://usn.ubuntu.com/5896-1/","reference_id":"USN-5896-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5896-1/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7036-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5253-1/","reference_id":"USN-USN-5253-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5253-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/154119?format=json","purl":"pkg:gem/rack@2.2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-qagk-c3gk"},{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-52qe-dast-tkhu"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-amfu-8d25-juhy"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-bqpn-m2fh-9kab"},{"vulnerability":"VCID-c9mc-7nts-cfgy"},{"vulnerability":"VCID-csrd-u9cz-u7ak"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ebb6-b5tx-5bhf"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-heu4-cd3d-73ck"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-mgx9-9bua-37f3"},{"vulnerability":"VCID-p1cf-naeh-bbgx"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"},{"vulnerability":"VCID-y6nj-8y3j-hbfw"},{"vulnerability":"VCID-yq3g-ykeu-pfbp"},{"vulnerability":"VCID-zqax-g5xz-wuch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack
@2.2.3.1"}],"aliases":["CVE-2022-30122","GHSA-hxqx-xwvh-44m2","GMS-2022-1643"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a8x9-j9b3-jycb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51543?format=json","vulnerability_id":"VCID-huph-y2xr-g3dk","summary":"Percent-encoded cookies can be used to overwrite existing prefixed cookie names\nIt is possible to forge a secure or host-only cookie prefix in Rack using\nan arbitrary cookie write by using URL encoding (percent-encoding) on the\nname of the cookie. This could result in an application that is dependent on\nthis prefix to determine if a cookie is safe to process being manipulated\ninto processing an insecure or cross-origin request.\nThis vulnerability has been assigned the CVE identifier CVE-2020-8184.\n\nVersions Affected:  rack < 2.2.3, rack < 2.1.4\nNot affected:       Applications which do not rely on __Host- and __Secure- prefixes to determine if a cookie is safe to process\nFixed Versions:     rack >= 2.2.3, rack >= 2.1.4\n\nImpact\n------\n\nAn attacker may be able to trick a vulnerable application into processing an\ninsecure (non-SSL) or cross-origin request if they can gain the ability to write\narbitrary cookies that are sent to the application.\n\nWorkarounds\n-----------\n\nIf your application is impacted but you cannot upgrade to the released versions or apply\nthe provided patch, this issue can be temporarily addressed by adding the following workaround:\n\n```\nmodule Rack\n  module Utils\n    module_function def parse_cookies_header(header)\n      return {} unless header\n      header.split(/[;] */n).each_with_object({}) do |cookie, cookies|\n        next if cookie.empty?\n        key, value = cookie.split('=', 2)\n        cookies[key] = (unescape(value) rescue value) unless cookies.key?(key)\n      end\n    end\n  
end\nend\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8184.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8184.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8184","reference_id":"","reference_type":"","scores":[{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74625","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74599","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74616","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74628","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74622","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74591","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8184"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8184","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8184"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scorin
g_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8184.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8184.yml"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak"},{"reference_url":"https://hackerone.com/reports/895727","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/895727"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":"
"}],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/4561-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4561-1"},{"reference_url":"https://usn.ubuntu.com/4561-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4561-1/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849141","reference_id":"1849141","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849141"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963477","reference_id":"963477","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963477"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8184","reference_id":"CVE-2020-8184","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8184"},{"reference_url":"https://github.com/advisories/GHSA-j6w9-fv6q-3q52","reference_id":"GHSA-j6w9-fv6q-3q52","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j6w9-fv6q-3q52"},{"reference_url":"https://access.redhat.com
/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"},{"reference_url":"https://usn.ubuntu.com/4561-2/","reference_id":"USN-4561-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4561-2/"},{"reference_url":"https://usn.ubuntu.com/USN-5253-1/","reference_id":"USN-USN-5253-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5253-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77545?format=json","purl":"pkg:gem/rack@2.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-qagk-c3gk"},{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-52qe-dast-tkhu"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-a8x9-j9b3-jycb"},{"vulnerability":"VCID-amfu-8d25-juhy"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-bqpn-m2fh-9kab"},{"vulnerability":"VCID-c9mc-7nts-cfgy"},{"vulnerability":"VCID-csrd-u9cz-u7ak"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ebb6-b5tx-5bhf"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-heu4-cd3d-73ck"},{"vulnerability":"VCID-jpkw-epb8-f7et"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-mgx9-9bua-37f3"},{"vulnerability":"VCID-p1cf-naeh-bbgx"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"},{"vulnerability":"VCID-y6nj-8y3j-hbfw"},{"vulnerability":"VCID-yq3g-ykeu-pfbp"},{"vulnerability":"VCID-zqax-g5xz-wuch"}],"resource_url":"http://public2.vulnerablecode.io/p
ackages/pkg:gem/rack@2.2.3"}],"aliases":["CVE-2020-8184","GHSA-j6w9-fv6q-3q52"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-huph-y2xr-g3dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51544?format=json","vulnerability_id":"VCID-jpkw-epb8-f7et","summary":"Possible shell escape sequence injection vulnerability in Rack\nThere is a possible shell escape sequence injection vulnerability in the Lint\nand CommonLogger components of Rack.  This vulnerability has been assigned the\nCVE identifier CVE-2022-30123.\n\nVersions Affected:  All.\nNot affected:       None\nFixed Versions:     2.0.9.1, 2.1.4.1, 2.2.3.1\n\n## Impact\nCarefully crafted requests can cause shell escape sequences to be written to\nthe terminal via Rack's Lint middleware and CommonLogger middleware.  These\nescape sequences can be leveraged to possibly execute commands in the victim's\nterminal.\n\nImpacted applications will have either of these middleware installed, and\nvulnerable apps may have something like this:\n\n```\nuse Rack::Lint\n```\n\nOr\n\n```\nuse Rack::CommonLogger\n```\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\n## Workarounds\nRemove these middleware from your 
application","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30123.json","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30123.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30123","reference_id":"","reference_type":"","scores":[{"value":"0.02323","scoring_system":"epss","scoring_elements":"0.85124","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02323","scoring_system":"epss","scoring_elements":"0.8511","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02323","scoring_system":"epss","scoring_elements":"0.85097","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02323","scoring_system":"epss","scoring_elements":"0.85121","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02323","scoring_system":"epss","scoring_elements":"0.85126","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02323","scoring_system":"epss","scoring_elements":"0.8512","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name
=CVE-2022-44571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/b426cc224908ec6ed6eb8729325392b048215d88","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/A
C:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/b426cc224908ec6ed6eb8729325392b048215d88"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30123.yml","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30123.yml"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3","scoring_elements":""},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30123","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30123"},{"reference_url":"https://security.gentoo.org/glsa/202310-18","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202310-18"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231208-0011","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/A
C:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231208-0011"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231208-0011/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20231208-0011/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5530","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5530"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2099524","reference_id":"2099524","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2099524"},{"reference_url":"https://github.com/advisories/GHSA-wq4h-7r42-5hrr","reference_id":"GHSA-wq4h-7r42-5hrr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wq4h-7r42-5hrr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7343","reference_id":"RHSA-2022:7343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0632","reference_id":"RHSA-2023:0632","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0632"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1486","reference_id":"RHSA-2023:1486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1486"},{"reference_url":"https://usn.ubuntu.com/5896-1/","reference_id":"USN-5896-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5896-1/"},{"reference_url":"https://usn.ubuntu.com/7036-1/","reference_id":"USN-7036-1","reference_type":"","sc
ores":[],"url":"https://usn.ubuntu.com/7036-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5253-1/","reference_id":"USN-USN-5253-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5253-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/154119?format=json","purl":"pkg:gem/rack@2.2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-qagk-c3gk"},{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-3nmb-xetr-6qbg"},{"vulnerability":"VCID-52qe-dast-tkhu"},{"vulnerability":"VCID-6ydb-e746-vbd8"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-amfu-8d25-juhy"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-bqpn-m2fh-9kab"},{"vulnerability":"VCID-c9mc-7nts-cfgy"},{"vulnerability":"VCID-csrd-u9cz-u7ak"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-e8ab-9br9-6ybt"},{"vulnerability":"VCID-ebb6-b5tx-5bhf"},{"vulnerability":"VCID-ewfc-rx8b-jfc4"},{"vulnerability":"VCID-h8af-h199-qqfz"},{"vulnerability":"VCID-heu4-cd3d-73ck"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-mgx9-9bua-37f3"},{"vulnerability":"VCID-p1cf-naeh-bbgx"},{"vulnerability":"VCID-p3dy-qbad-q3ab"},{"vulnerability":"VCID-r1hk-cy5k-9kad"},{"vulnerability":"VCID-tc69-2tad-43cv"},{"vulnerability":"VCID-uh69-24kx-xucy"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"},{"vulnerability":"VCID-y6nj-8y3j-hbfw"},{"vulnerability":"VCID-yq3g-ykeu-pfbp"},{"vulnerability":"VCID-zqax-g5xz-wuch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.3.1"}],"aliases":["CVE-2022-30123","GHSA-wq4h-7r42-5hrr","GMS-2022-1644"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jpkw-epb8-f7et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51539?form
at=json","vulnerability_id":"VCID-n1sj-dwab-j3ca","summary":"Directory traversal in Rack::Directory app bundled with Rack\nThere was a possible directory traversal vulnerability in the Rack::Directory app\nthat is bundled with Rack.\n\nVersions Affected:  rack < 2.2.0\nNot affected:       Applications that do not use Rack::Directory.\nFixed Versions:     2.1.3, >= 2.2.0\n\nImpact\n------\n\nIf certain directories exist in a directory that is managed by\n`Rack::Directory`, an attacker could, using this vulnerability, read the\ncontents of files on the server that were outside of the root specified in the\nRack::Directory initializer.\n\nWorkarounds\n-----------\n\nUntil such time as the patch is applied or their Rack version is upgraded,\nwe recommend that developers do not use Rack::Directory in their\napplications.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8161.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8161.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8161","reference_id":"","reference_type":"","scores":[{"value":"0.00907","scoring_system":"epss","scoring_elements":"0.76181","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00907","scoring_system":"epss","scoring_elements":"0.76157","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00907","scoring_system":"epss","scoring_elements":"0.76149","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00907","scoring_system":"epss","scoring_elements":"0.76168","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00907","scoring_system":"epss","scoring_elements":"0.76176","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00907","scoring_system":"epss","scoring_elements":"0.76174","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/eps
s?cve=CVE-2020-8161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8161"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8161.yml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8161.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/
UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/4561-1","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4561-1"},{"reference_url":"https://usn.ubuntu.com/4561-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4561-1/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1838281","reference_id":"1838281","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=183828
1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8161","reference_id":"CVE-2020-8161","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8161"},{"reference_url":"https://github.com/advisories/GHSA-5f9h-9pjv-v6j7","reference_id":"GHSA-5f9h-9pjv-v6j7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5f9h-9pjv-v6j7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"},{"reference_url":"https://usn.ubuntu.com/4561-2/","reference_id":"USN-4561-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4561-2/"}],"fixed_packages":[],"aliases":["CVE-2020-8161","GHSA-5f9h-9pjv-v6j7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n1sj-dwab-j3ca"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2"}