Vulnerability details: VCID-91xe-ev7t-akb9
Vulnerability ID VCID-91xe-ev7t-akb9
Aliases CVE-2012-6109
GHSA-h77x-m5q8-c29h
OSV-89317
Summary Uncontrolled Resource Consumption: lib/rack/multipart.rb in Rack uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2013:0544
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2012-6109
epss 0.00828 https://api.first.org/data/v1/epss?cve=CVE-2012-6109
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=895277
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-h77x-m5q8-c29h
generic_textual MODERATE https://github.com/rack/rack
generic_textual MODERATE https://github.com/rack/rack/blob/master/README.rdoc
generic_textual MODERATE https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2012-6109.yml
generic_textual MODERATE https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ
generic_textual MODERATE https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2012-6109
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2012-6109
generic_textual MODERATE https://rhn.redhat.com/errata/RHSA-2013-0544.html
Reference id Reference type URL
http://rack.github.com/
http://rhn.redhat.com/errata/RHSA-2013-0544.html
http://rhn.redhat.com/errata/RHSA-2013-0548.html
https://access.redhat.com/errata/RHSA-2013:0544
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6109.json
https://access.redhat.com/security/cve/CVE-2012-6109
https://api.first.org/data/v1/epss?cve=CVE-2012-6109
https://bugzilla.redhat.com/show_bug.cgi?id=895277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6109
https://github.com/rack/rack
https://github.com/rack/rack/blob/master/README.rdoc
https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2012-6109.yml
https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ
https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ
https://rhn.redhat.com/errata/RHSA-2013-0544.html
698440 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440
cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.1:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.2:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.3:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.4:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.9:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:0.9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*
CVE-2012-6109 https://nvd.nist.gov/vuln/detail/CVE-2012-6109
GHSA-h77x-m5q8-c29h https://github.com/advisories/GHSA-h77x-m5q8-c29h
GLSA-201405-10 https://security.gentoo.org/glsa/201405-10
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2012-6109
Exploit Prediction Scoring System (EPSS)
Percentile 0.7445
EPSS Score 0.00828
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:46:48.351367+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack/CVE-2012-6109.yml 38.0.0