| purl | pkg:gem/rack@1.4 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-91xe-ev7t-akb9 Aliases: CVE-2012-6109 GHSA-h77x-m5q8-c29h OSV-89317 | Uncontrolled Resource Consumption: lib/rack/multipart.rb in Rack uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header. | Affected by 32 other vulnerabilities. |
| VCID-9uh8-upzm-7bgd Aliases: CVE-2013-0184 GHSA-v882-ccj6-jc48 OSV-89327 | Uncontrolled Resource Consumption: Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings." | Affected by 30 other vulnerabilities. Affected by 30 other vulnerabilities. |
| VCID-ge4d-a8z8-m3c6 Aliases: CVE-2011-5036 GHSA-v6j3-7jrw-hq2p OSV-78121 | Hash Collision Form Parameter Parsing Remote DoS: This package contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption. | There are no reported fixed by versions. |
| VCID-teq8-nqhf-xbbq Aliases: CVE-2013-0183 GHSA-3pxh-h8hw-mj8w OSV-89320 | Improper Restriction of Operations within the Bounds of a Memory Buffer: multipart/parser.rb in Rack allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet. | Affected by 31 other vulnerabilities. |
| VCID-y12d-fjpf-uubh Aliases: CVE-2013-0263 GHSA-xc85-32mf-xpv8 OSV-89939 | Timing attack against Rack::Session::Cookie: Affected versions allow remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time. | Affected by 28 other vulnerabilities. Affected by 30 other vulnerabilities. Affected by 29 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:18:30.274258+00:00 | Ruby Importer | Affected by | VCID-y12d-fjpf-uubh | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0263.yml | 38.0.0 |
| 2026-04-01T15:18:29.848498+00:00 | Ruby Importer | Affected by | VCID-91xe-ev7t-akb9 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2012-6109.yml | 38.0.0 |
| 2026-04-01T15:18:29.725273+00:00 | Ruby Importer | Affected by | VCID-ge4d-a8z8-m3c6 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2011-5036.yml | 38.0.0 |
| 2026-04-01T15:18:29.414108+00:00 | Ruby Importer | Affected by | VCID-teq8-nqhf-xbbq | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0183.yml | 38.0.0 |
| 2026-04-01T15:18:29.353628+00:00 | Ruby Importer | Affected by | VCID-9uh8-upzm-7bgd | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0184.yml | 38.0.0 |