VIR Vulnerability Intelligence Relay

Package impact

ruby RubyGems / rack

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-34829 high 8.0 2mo ago Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads susedebianruby
CVE-2026-34827 high 8.0 2mo ago Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters susedebianruby
CVE-2026-34785 high 8.0 2mo ago Rack::Static prefix matching can expose unintended files under the static root susedebianruby
CVE-2026-34230 high 8.0 2mo ago Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header susedebianruby
CVE-2025-61919 high 8.0 8mo ago Important: pcs security update redhatrockylinuxsusedebian+1
CVE-2025-61770 high 8.0 8mo ago Important: pcs security update redhatrockylinuxsusedebian+1
CVE-2025-61772 high 8.0 8mo ago Important: pcs security update redhatrockylinuxsusedebian+1
CVE-2025-61771 high 8.0 8mo ago Important: pcs security update redhatrockylinuxsusedebian+1
CVE-2025-59830 high 8.0 8mo ago Important: pcs security update redhatrockylinuxsusedebian+1
CVE-2025-46727 high 8.0 1y ago Important: pcs security update redhatrockylinuxsusedebian+1
CVE-2023-27539 high 8.0 3y ago Important: pcs security and bug fix update redhatrockylinuxsusedebian+1
CVE-2023-27530 high 8.0 3y ago Important: pcs security and bug fix update redhatrockylinuxsusedebian+1
CVE-2022-44572 high 8.0 3y ago A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boun… rockylinuxsusedebianruby
CVE-2022-44571 high 8.0 3y ago There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cau… rockylinuxsusedebianruby
CVE-2022-44570 high 8.0 3y ago A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount o… rockylinuxsusedebianruby
CVE-2026-34835 medium 5.5 2mo ago Rack::Request accepts invalid Host characters, enabling host allowlist bypass susedebianruby
CVE-2026-26961 medium 5.5 2mo ago Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass. susedebianruby
CVE-2026-26962 medium 5.5 2mo ago Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values susedebianruby
CVE-2026-32762 medium 5.5 2mo ago Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing susedebianruby
CVE-2026-34763 medium 5.5 2mo ago Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory susedebianruby
CVE-2026-34786 medium 5.5 2mo ago Rack:: Static header_rules bypass via URL-encoded paths susedebianruby
CVE-2026-34826 medium 5.5 2mo ago Rack's multipart byte range processing allows denial of service via excessive overlapping ranges susedebianruby
CVE-2026-34830 medium 5.5 2mo ago Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect susedebianruby
CVE-2026-34831 medium 5.5 2mo ago Rack has Content-Length mismatch in Rack::Files error responses susedebianruby
CVE-2025-25184 medium 5.5 1y ago Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline character… redhatsusedebianruby
CVE-2024-26146 medium 5.5 2y ago Moderate: pcs security update redhatrockylinuxsusedebian+1
CVE-2024-26141 medium 5.5 2y ago Moderate: pcs security update redhatrockylinuxsusedebian+1
CVE-2024-25126 medium 5.5 2y ago Moderate: pcs security update redhatrockylinuxsusedebian+1
CVE-2013-0263 medium 5.1 14y ago Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privile… debianruby
CVE-2015-3225 medium 5.0 11y ago lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a… debiansuseruby
CVE-2013-0183 medium 5.0 14y ago multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipar… debianruby
CVE-2011-5036 medium 5.0 15y ago Rack Gem Subject to Denial of Service via Hash Collisions debianrubyjava
CVE-2013-0262 medium 4.3 14y ago rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable… debianruby
CVE-2013-0184 medium 4.3 14y ago Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of servic… debianruby
CVE-2012-6109 medium 4.3 14y ago lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of ser… debianruby