Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/rack-protection@2.0.0.rc2
purl pkg:gem/rack-protection@2.0.0.rc2
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-nwqq-fdtk-dudg
Aliases:
CVE-2018-7212
GHSA-h29f-7f56-j8wh
Path traversal on Windows Path traversal is possible via backslash characters on Windows. An attacker could access arbitrary files and directories stored on the file system.
2.0.1
Affected by 1 other vulnerability.
VCID-q4x5-bxn7-5yht
Aliases:
CVE-2018-1000119
GHSA-688c-3x49-6rqj
Timing attack vulnerability Sinatra rack-protection contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application.
2.0.0
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:41:58.919132+00:00 GitLab Importer Affected by VCID-q4x5-bxn7-5yht https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack-protection/CVE-2018-1000119.yml 38.4.0
2026-04-16T20:41:40.908878+00:00 GitLab Importer Affected by VCID-nwqq-fdtk-dudg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack-protection/CVE-2018-7212.yml 38.4.0
2026-04-16T17:37:45.952907+00:00 Ruby Importer Affected by VCID-nwqq-fdtk-dudg https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-protection/CVE-2018-7212.yml 38.4.0
2026-04-11T21:52:35.096640+00:00 GitLab Importer Affected by VCID-q4x5-bxn7-5yht https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack-protection/CVE-2018-1000119.yml 38.3.0
2026-04-11T21:52:16.807339+00:00 GitLab Importer Affected by VCID-nwqq-fdtk-dudg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack-protection/CVE-2018-7212.yml 38.3.0
2026-04-11T21:34:42.292874+00:00 Ruby Importer Affected by VCID-nwqq-fdtk-dudg https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-protection/CVE-2018-7212.yml 38.3.0
2026-04-02T22:06:22.411014+00:00 GitLab Importer Affected by VCID-q4x5-bxn7-5yht https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack-protection/CVE-2018-1000119.yml 38.1.0
2026-04-02T22:06:03.826687+00:00 GitLab Importer Affected by VCID-nwqq-fdtk-dudg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack-protection/CVE-2018-7212.yml 38.1.0
2026-04-02T19:33:00.788682+00:00 Ruby Importer Affected by VCID-nwqq-fdtk-dudg https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-protection/CVE-2018-7212.yml 38.1.0
2026-04-01T16:23:20.365885+00:00 GitLab Importer Affected by VCID-q4x5-bxn7-5yht https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack-protection/CVE-2018-1000119.yml 38.0.0
2026-04-01T16:23:02.434267+00:00 GitLab Importer Affected by VCID-nwqq-fdtk-dudg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack-protection/CVE-2018-7212.yml 38.0.0
2026-04-01T15:49:57.911452+00:00 Ruby Importer Affected by VCID-nwqq-fdtk-dudg https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-protection/CVE-2018-7212.yml 38.0.0