{"url":"http://public2.vulnerablecode.io/api/packages/88495?format=json","purl":"pkg:rpm/redhat/pcs@0.10.15-4.el8_8?arch=9","type":"rpm","namespace":"redhat","name":"pcs","version":"0.10.15-4.el8_8","qualifiers":{"arch":"9"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21707?format=json","vulnerability_id":"VCID-azu5-jcmd-3ufx","summary":"Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\n`Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61772","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.40983","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41064","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41069","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.4118","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41252","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41281","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41249","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41251","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41283","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41261","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41253","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41203","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41278","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41238","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44469","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/"}],"url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"},{"reference_url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/"}],"url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"},{"reference_url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/"}],"url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627","reference_id":"1117627","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402200","reference_id":"2402200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402200"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61772","reference_id":"CVE-2025-61772","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61772"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml","reference_id":"CVE-2025-61772.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml"},{"reference_url":"https://github.com/advisories/GHSA-wpv5-97wm-hp9c","reference_id":"GHSA-wpv5-97wm-hp9c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wpv5-97wm-hp9c"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c","reference_id":"GHSA-wpv5-97wm-hp9c","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:19Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19733","reference_id":"RHSA-2025:19733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19736","reference_id":"RHSA-2025:19736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[],"aliases":["CVE-2025-61772","GHSA-wpv5-97wm-hp9c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-azu5-jcmd-3ufx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21690?format=json","vulnerability_id":"VCID-c5sc-7qnn-mkb9","summary":"Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\n`Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61771","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26816","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2688","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26888","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26937","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26999","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27146","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27047","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27091","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27087","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27042","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26973","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27182","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2699","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29328","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/"}],"url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"},{"reference_url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/"}],"url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"},{"reference_url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/"}],"url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628","reference_id":"1117628","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117628"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402175","reference_id":"2402175","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402175"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61771","reference_id":"CVE-2025-61771","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61771"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml","reference_id":"CVE-2025-61771.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml"},{"reference_url":"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw","reference_id":"GHSA-w9pc-fmgc-vxvw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw","reference_id":"GHSA-w9pc-fmgc-vxvw","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T17:51:58Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21696","reference_id":"RHSA-2025:21696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21696"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[],"aliases":["CVE-2025-61771","GHSA-w9pc-fmgc-vxvw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c5sc-7qnn-mkb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21554?format=json","vulnerability_id":"VCID-gdhf-e8q1-kbat","summary":"Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters\n`Rack::QueryParser` in version `< 2.2.18` enforces its `params_limit` only for parameters separated by `&`, while still splitting on both `&` and `;`. As a result, attackers could use `;` separators to bypass the parameter count limit and submit more parameters than intended.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59830.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59830.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59830","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21225","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21196","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21337","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21203","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21256","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21392","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21297","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21145","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21287","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21206","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21344","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22201","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22207","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22221","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22371","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59830"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-25T16:14:17Z/"}],"url":"https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116431","reference_id":"1116431","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116431"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398167","reference_id":"2398167","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398167"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59830","reference_id":"CVE-2025-59830","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59830"},{"reference_url":"https://github.com/advisories/GHSA-625h-95r8-8xpm","reference_id":"GHSA-625h-95r8-8xpm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-625h-95r8-8xpm"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm","reference_id":"GHSA-625h-95r8-8xpm","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-25T16:14:17Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19733","reference_id":"RHSA-2025:19733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19736","reference_id":"RHSA-2025:19736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19832","reference_id":"RHSA-2025:19832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19855","reference_id":"RHSA-2025:19855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19856","reference_id":"RHSA-2025:19856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://usn.ubuntu.com/7784-1/","reference_id":"USN-7784-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7784-1/"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[],"aliases":["CVE-2025-59830","GHSA-625h-95r8-8xpm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdhf-e8q1-kbat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21709?format=json","vulnerability_id":"VCID-npag-sz7d-v7b6","summary":"Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)\n`Rack::Multipart::Parser` buffers the entire multipart **preamble** (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61770","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3632","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36408","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36438","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36663","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36723","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3674","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36812","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36721","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36756","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36747","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3673","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3668","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36844","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36695","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.3944","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/"}],"url":"https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e"},{"reference_url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/"}],"url":"https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e"},{"reference_url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/"}],"url":"https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627","reference_id":"1117627","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117627"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402174","reference_id":"2402174","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402174"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61770","reference_id":"CVE-2025-61770","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61770"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml","reference_id":"CVE-2025-61770.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml"},{"reference_url":"https://github.com/advisories/GHSA-p543-xpfm-54cp","reference_id":"GHSA-p543-xpfm-54cp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p543-xpfm-54cp"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp","reference_id":"GHSA-p543-xpfm-54cp","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:23:07Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19733","reference_id":"RHSA-2025:19733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19736","reference_id":"RHSA-2025:19736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21696","reference_id":"RHSA-2025:21696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21696"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[],"aliases":["CVE-2025-61770","GHSA-p543-xpfm-54cp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-npag-sz7d-v7b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21764?format=json","vulnerability_id":"VCID-s971-gkdg-jkhc","summary":"Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing\n`Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61919.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61919","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44439","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44736","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44756","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44695","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44748","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.4475","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44767","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44735","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44737","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44791","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44784","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44713","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44632","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44639","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44561","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rack/rack","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rack/rack"},{"reference_url":"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/"}],"url":"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881"},{"reference_url":"https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/"}],"url":"https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db"},{"reference_url":"https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/"}],"url":"https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856","reference_id":"1117856","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117856"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403180","reference_id":"2403180","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403180"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61919","reference_id":"CVE-2025-61919","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61919"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml","reference_id":"CVE-2025-61919.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml"},{"reference_url":"https://github.com/advisories/GHSA-6xw4-3v39-52mm","reference_id":"GHSA-6xw4-3v39-52mm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xw4-3v39-52mm"},{"reference_url":"https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm","reference_id":"GHSA-6xw4-3v39-52mm","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:48:10Z/"}],"url":"https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19512","reference_id":"RHSA-2025:19512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19513","reference_id":"RHSA-2025:19513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19647","reference_id":"RHSA-2025:19647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19719","reference_id":"RHSA-2025:19719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19733","reference_id":"RHSA-2025:19733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19734","reference_id":"RHSA-2025:19734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19736","reference_id":"RHSA-2025:19736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19800","reference_id":"RHSA-2025:19800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19832","reference_id":"RHSA-2025:19832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19855","reference_id":"RHSA-2025:19855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19856","reference_id":"RHSA-2025:19856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19948","reference_id":"RHSA-2025:19948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20962","reference_id":"RHSA-2025:20962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21036","reference_id":"RHSA-2025:21036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21696","reference_id":"RHSA-2025:21696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21696"},{"reference_url":"https://usn.ubuntu.com/7960-1/","reference_id":"USN-7960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7960-1/"}],"fixed_packages":[],"aliases":["CVE-2025-61919","GHSA-6xw4-3v39-52mm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s971-gkdg-jkhc"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/pcs@0.10.15-4.el8_8%3Farch=9"}