{"url":"http://public2.vulnerablecode.io/api/packages/75649?format=json","purl":"pkg:gem/rack@1.5","type":"gem","namespace":"","name":"rack","version":"1.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.2.23","latest_non_vulnerable_version":"3.2.6","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37887?format=json","vulnerability_id":"VCID-2bvt-36z3-9qar","summary":"Potential Denial of Service Vulnerability\nCarefully crafted requests can cause a `SystemStackError` and potentially cause a denial of service attack.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html"},{"reference_url":"http://openwall.com/lists/oss-security/2015/06/16/14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2015/06/16/14"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2290.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-2290.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3225.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3225.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3225","reference_id":"","reference_type":"","scores":[{"value":"0.13251","scoring_system":"epss","scoring_elements":"0.9429","published_at":"2026-06-05T12:55:00Z"},{"value":"0.13251","scoring_system":"epss","scoring_elements":"0.94282","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/blob/master/HISTORY.md","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/blob/master/HISTORY.md"},{"reference_url":"https://github.com/rack/rack/commits/1.4.6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rack/rack/commits/1.4.6"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3225","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3225"},{"reference_url":"http://www.debian.org/security/2015/dsa-3322","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3322"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232292","reference_id":"1232292","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232292"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789311","reference_id":"789311","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789311"},{"reference_url":"https://github.com/advisories/GHSA-rgr4-9jh5-j4j6","reference_id":"GHSA-rgr4-9jh5-j4j6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rgr4-9jh5-j4j6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2290","reference_id":"RHSA-2015:2290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2290"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52334?format=json","purl":"pkg:gem/rack@1.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-52qe-dast-tkhu"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-a8x9-j9b3-jycb"},{"vulnerability":"VCID-amfu-8d25-juhy"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-bqpn-m2fh-9kab"},{"vulnerability":"VCID-c9mc-7nts-cfgy"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-ebb6-b5tx-5bhf"},{"vulnerability":"VCID-heu4-cd3d-73ck"},{"vulnerability":"VCID-huph-y2xr-g3dk"},{"vulnerability":"VCID-jpkw-epb8-f7et"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-kd2v-rt9y-uqh7"},{"vulnerability":"VCID-mgx9-9bua-37f3"},{"vulnerability":"VCID-n1sj-dwab-j3ca"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"},{"vulnerability":"VCID-zqax-g5xz-wuch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/159981?format=json","purl":"pkg:gem/rack@1.6.0.beta","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bvt-36z3-9qar"},{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-52qe-dast-tkhu"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-a8x9-j9b3-jycb"},{"vulnerability":"VCID-amfu-8d25-juhy"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-bqpn-m2fh-9kab"},{"vulnerability":"VCID-c9mc-7nts-cfgy"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-ebb6-b5tx-5bhf"},{"vulnerability":"VCID-heu4-cd3d-73ck"},{"vulnerability":"VCID-huph-y2xr-g3dk"},{"vulnerability":"VCID-jpkw-epb8-f7et"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-kd2v-rt9y-uqh7"},{"vulnerability":"VCID-mgx9-9bua-37f3"},{"vulnerability":"VCID-n1sj-dwab-j3ca"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"},{"vulnerability":"VCID-zqax-g5xz-wuch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.0.beta"},{"url":"http://public2.vulnerablecode.io/api/packages/52335?format=json","purl":"pkg:gem/rack@1.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ra1-pgt2-3ubf"},{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-52qe-dast-tkhu"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-a8x9-j9b3-jycb"},{"vulnerability":"VCID-amfu-8d25-juhy"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-bqpn-m2fh-9kab"},{"vulnerability":"VCID-c9mc-7nts-cfgy"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-ebb6-b5tx-5bhf"},{"vulnerability":"VCID-heu4-cd3d-73ck"},{"vulnerability":"VCID-huph-y2xr-g3dk"},{"vulnerability":"VCID-jpkw-epb8-f7et"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-kd2v-rt9y-uqh7"},{"vulnerability":"VCID-mgx9-9bua-37f3"},{"vulnerability":"VCID-n1sj-dwab-j3ca"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"},{"vulnerability":"VCID-zqax-g5xz-wuch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.6.2"}],"aliases":["CVE-2015-3225","GHSA-rgr4-9jh5-j4j6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2bvt-36z3-9qar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37485?format=json","vulnerability_id":"VCID-6dhj-xgsb-nkhd","summary":"Symlink path traversal in Rack::File\nAffected versions allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"},{"reference_url":"http://rack.github.com/","reference_id":"","reference_type":"","scores":[],"url":"http://rack.github.com/"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0262.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0262.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0262","reference_id":"","reference_type":"","scores":[{"value":"0.01263","scoring_system":"epss","scoring_elements":"0.798","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01263","scoring_system":"epss","scoring_elements":"0.79775","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0262"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=909071","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909071"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=909072","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0262","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0262"},{"reference_url":"https://gist.github.com/rentzsch/4736940","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gist.github.com/rentzsch/4736940"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56"},{"reference_url":"https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0262","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0262"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700173","reference_id":"700173","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700173"},{"reference_url":"https://github.com/advisories/GHSA-85r7-w5mv-c849","reference_id":"GHSA-85r7-w5mv-c849","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-85r7-w5mv-c849"},{"reference_url":"https://security.gentoo.org/glsa/201405-10","reference_id":"GLSA-201405-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51374?format=json","purl":"pkg:gem/rack@1.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bvt-36z3-9qar"},{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-52qe-dast-tkhu"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-a8x9-j9b3-jycb"},{"vulnerability":"VCID-amfu-8d25-juhy"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-bqpn-m2fh-9kab"},{"vulnerability":"VCID-c9mc-7nts-cfgy"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-ebb6-b5tx-5bhf"},{"vulnerability":"VCID-heu4-cd3d-73ck"},{"vulnerability":"VCID-huph-y2xr-g3dk"},{"vulnerability":"VCID-jpkw-epb8-f7et"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-kd2v-rt9y-uqh7"},{"vulnerability":"VCID-mgx9-9bua-37f3"},{"vulnerability":"VCID-n1sj-dwab-j3ca"},{"vulnerability":"VCID-rr79-famc-37a8"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"},{"vulnerability":"VCID-zqax-g5xz-wuch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.2"}],"aliases":["CVE-2013-0262","GHSA-85r7-w5mv-c849","OSV-89938"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6dhj-xgsb-nkhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37484?format=json","vulnerability_id":"VCID-w1cf-9x6v-pyhw","summary":"Timing attack against Rack::Session::Cookie\nAffected versions allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving am HMAC comparison function that does not run in constant time.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"},{"reference_url":"http://rack.github.com/","reference_id":"","reference_type":"","scores":[],"url":"http://rack.github.com/"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0686.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0686.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0263.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0263.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0263","reference_id":"","reference_type":"","scores":[{"value":"0.16071","scoring_system":"epss","scoring_elements":"0.94918","published_at":"2026-06-05T12:55:00Z"},{"value":"0.16071","scoring_system":"epss","scoring_elements":"0.94909","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0263"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=909071","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909071"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0263","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0263"},{"reference_url":"https://gist.github.com/codahale/f9f3781f7b54985bee94","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gist.github.com/codahale/f9f3781f7b54985bee94"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07"},{"reference_url":"https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11"},{"reference_url":"https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ"},{"reference_url":"https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0263","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0263"},{"reference_url":"http://www.debian.org/security/2013/dsa-2783","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2783"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700226","reference_id":"700226","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700226"},{"reference_url":"https://github.com/advisories/GHSA-xc85-32mf-xpv8","reference_id":"GHSA-xc85-32mf-xpv8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xc85-32mf-xpv8"},{"reference_url":"https://security.gentoo.org/glsa/201405-10","reference_id":"GLSA-201405-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0686","reference_id":"RHSA-2013:0686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0686"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51374?format=json","purl":"pkg:gem/rack@1.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bvt-36z3-9qar"},{"vulnerability":"VCID-3jru-u17n-tyg1"},{"vulnerability":"VCID-52qe-dast-tkhu"},{"vulnerability":"VCID-7cef-z5qm-afd8"},{"vulnerability":"VCID-a8x9-j9b3-jycb"},{"vulnerability":"VCID-amfu-8d25-juhy"},{"vulnerability":"VCID-bj83-rx84-v3g9"},{"vulnerability":"VCID-bqpn-m2fh-9kab"},{"vulnerability":"VCID-c9mc-7nts-cfgy"},{"vulnerability":"VCID-dss4-6ptr-83av"},{"vulnerability":"VCID-e11g-k7zm-vkhu"},{"vulnerability":"VCID-ebb6-b5tx-5bhf"},{"vulnerability":"VCID-heu4-cd3d-73ck"},{"vulnerability":"VCID-huph-y2xr-g3dk"},{"vulnerability":"VCID-jpkw-epb8-f7et"},{"vulnerability":"VCID-k8fr-zuyx-yyhg"},{"vulnerability":"VCID-kd2v-rt9y-uqh7"},{"vulnerability":"VCID-mgx9-9bua-37f3"},{"vulnerability":"VCID-n1sj-dwab-j3ca"},{"vulnerability":"VCID-rr79-famc-37a8"},{"vulnerability":"VCID-vk15-7qdb-xkh9"},{"vulnerability":"VCID-x373-rhh4-7khm"},{"vulnerability":"VCID-xpa3-1n87-8ucv"},{"vulnerability":"VCID-zqax-g5xz-wuch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.2"}],"aliases":["CVE-2013-0263","GHSA-xc85-32mf-xpv8","OSV-89939"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w1cf-9x6v-pyhw"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5"}