VIR Vulnerability Intelligence Relay

Package impact

ruby RubyGems / rack

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-26961 medium 5.5 2mo ago Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass. susedebianruby
CVE-2026-34835 medium 5.5 2mo ago Rack::Request accepts invalid Host characters, enabling host allowlist bypass susedebianruby
CVE-2026-34831 medium 5.5 2mo ago Rack has Content-Length mismatch in Rack::Files error responses susedebianruby
CVE-2026-34830 medium 5.5 2mo ago Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect susedebianruby
CVE-2026-34826 medium 5.5 2mo ago Rack's multipart byte range processing allows denial of service via excessive overlapping ranges susedebianruby
CVE-2026-34786 medium 5.5 2mo ago Rack:: Static header_rules bypass via URL-encoded paths susedebianruby
CVE-2026-34763 medium 5.5 2mo ago Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory susedebianruby
CVE-2026-32762 medium 5.5 2mo ago Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing susedebianruby
CVE-2026-26962 medium 5.5 2mo ago Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values susedebianruby
CVE-2025-25184 medium 5.5 1y ago Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline character… redhatsusedebianruby
CVE-2024-26146 medium 5.5 2y ago Moderate: pcs security update redhatrockylinuxsusedebian+1
CVE-2024-26141 medium 5.5 2y ago Moderate: pcs security update redhatrockylinuxsusedebian+1
CVE-2024-25126 medium 5.5 2y ago Moderate: pcs security update redhatrockylinuxsusedebian+1
CVE-2013-0263 medium 5.1 14y ago Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privile… debianruby
CVE-2015-3225 medium 5.0 11y ago lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a… debiansuseruby
CVE-2013-0183 medium 5.0 14y ago multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipar… debianruby
CVE-2011-5036 medium 5.0 15y ago Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote atta… debianrubyjava
CVE-2013-0262 medium 4.3 14y ago rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable… debianruby
CVE-2013-0184 medium 4.3 14y ago Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of servic… debianruby
CVE-2012-6109 medium 4.3 14y ago lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of ser… debianruby