Package impact
RUBYGEMS / rack
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34230 | high | — | 8.0 | | | | 2mo ago | Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header |
| CVE-2026-34785 | high | — | 8.0 | | | | 2mo ago | Rack::Static prefix matching can expose unintended files under the static root |
| CVE-2026-34827 | high | — | 8.0 | | | | 2mo ago | Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters |
| CVE-2026-34829 | high | — | 8.0 | | | | 2mo ago | Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads |