Package impact
RUBYGEMS / rack
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-34230 | high | — | 8.0 | 2mo ago | Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header | |
| CVE-2026-34785 | high | — | 8.0 | 2mo ago | Rack::Static prefix matching can expose unintended files under the static root | |
| CVE-2026-34827 | high | — | 8.0 | 2mo ago | Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters | |
| CVE-2026-34829 | high | — | 8.0 | 2mo ago | Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads |