Package impact

RubyGems / rack

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2026-34829	high	—	8.0	2mo ago	Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads
CVE-2026-34827	high	—	8.0	2mo ago	Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters
CVE-2026-34785	high	—	8.0	2mo ago	Rack::Static prefix matching can expose unintended files under the static root
CVE-2026-34230	high	—	8.0	2mo ago	Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header
CVE-2025-61919	high	—	8.0	8mo ago	Important: pcs security update	+1
CVE-2025-61770	high	—	8.0	8mo ago	Important: pcs security update	+1
CVE-2025-61771	high	—	8.0	8mo ago	Important: pcs security update	+1
CVE-2025-61772	high	—	8.0	8mo ago	Important: pcs security update	+1
CVE-2025-59830	high	—	8.0	8mo ago	Important: pcs security update	+1
CVE-2025-46727	high	—	8.0	1y ago	Important: pcs security update	+1
CVE-2023-27539	high	—	8.0	3y ago	Important: pcs security and bug fix update	+1
CVE-2023-27530	high	—	8.0	3y ago	Important: pcs security and bug fix update	+1
CVE-2022-44572	high	—	8.0	3y ago	A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boun…
CVE-2022-44571	high	—	8.0	3y ago	There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cau…
CVE-2022-44570	high	—	8.0	3y ago	A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount o…