pkg:Debian/ruby-rack

64 total CVEs: CRITICAL 1, HIGH 31, MEDIUM 24


All known vulnerabilities

  • CRITICAL 10.0 CVE-2022-30123: Possible shell escape sequence injection vulnerability in Rack
    from 0, < 2.1.4-3+deb11u1
  • HIGH 8.6 CVE-2020-8161: ruby-rack - security update
    from 0, < 2.1.1-5
  • HIGH 8.6 CVE-2020-8161: ruby-rack - security update
    from 0, < 1.5.2-3+deb8u3
  • HIGH 8.6 CVE-2020-8161: ruby-rack - security update
    from 0, < 2.0.6-3+deb10u2
  • HIGH 8.6 CVE-2020-8161: ruby-rack - security update
    from 0, < 1.6.4-4+deb9u2
  • HIGH 7.5 CVE-2026-34829: Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads
    from 0
  • HIGH 7.5 CVE-2026-34230: Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header
    from 0
  • HIGH 7.5 CVE-2026-34827: Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters
    from 0
  • HIGH 7.5 CVE-2026-34785: Rack::Static prefix matching can expose unintended files under the static root
    from 0
  • HIGH 7.5 CVE-2026-22860: ruby-rack - security update
    from 0, < 2.2.22-0+deb12u1
  • HIGH 7.5 CVE-2026-22860: ruby-rack - security update
    from 0, < 2.1.4-3+deb11u5
  • HIGH 7.5 CVE-2026-22860: ruby-rack - security update
    from 0, < 2.1.4-3+deb11u5
  • HIGH 7.5 CVE-2025-61919: Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
    from 0, < 2.1.4-3+deb11u4
  • HIGH 7.5 CVE-2025-61772: Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
    from 0, < 2.1.4-3+deb11u4
  • HIGH 7.5 CVE-2025-61771: Rack: Multipart parser buffers large non-file fields entirely in memory, enabling DoS (memory exhaustion)
    from 0, < 2.1.4-3+deb11u4
  • HIGH 7.5 CVE-2025-61770: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
    from 0, < 2.1.4-3+deb11u4
  • HIGH 7.5 CVE-2025-61770: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
    from 0, < 2.2.20-0+deb12u1
  • HIGH 7.5 CVE-2025-59830: Rack has an unsafe default in Rack::QueryParser that allows params_limit bypass via semicolon-separated parameters
    from 0, < 2.1.4-3+deb11u4
  • HIGH 7.5 CVE-2025-46727: Rack has an Unbounded-Parameter DoS in Rack::QueryParser
    from 0, < 2.1.4-3+deb11u4
  • HIGH 7.5 CVE-2025-27610: Local File Inclusion in Rack::Static
    from 0, < 2.1.4-3+deb11u3
  • HIGH 7.5 CVE-2025-27111: Escape Sequence Injection vulnerability in Rack leads to Possible Log Injection
    from 0, < 2.1.4-3+deb11u3
  • HIGH 7.5 CVE-2024-26141: Rack has possible DoS Vulnerability with Range Header
    from 0, < 2.1.4-3+deb11u2
  • HIGH 7.5 CVE-2024-26146: Rack Header Parsing leads to Possible Denial of Service Vulnerability
    from 0, < 2.1.4-3+deb11u2
  • HIGH 7.5 CVE-2023-27530: ruby-rack - security update
    from 0, < 2.0.6-3+deb10u3
  • HIGH 7.5 CVE-2023-27530: ruby-rack - security update
    from 0, < 2.1.4-3+deb11u1
  • HIGH 7.5 CVE-2022-44571: Denial of Service Vulnerability in Rack Content-Disposition parsing
    from 0, < 2.1.4-3+deb11u1
  • HIGH 7.5 CVE-2022-44570: Denial of service via header parsing in Rack
    from 0, < 2.1.4-3+deb11u1
  • HIGH 7.5 CVE-2022-44572: Denial of service via multipart parsing in Rack
    from 0, < 2.1.4-3+deb11u1
  • HIGH 7.5 CVE-2022-30122: ruby-rack - security update
    from 0, < 2.1.4-3+deb11u1
  • HIGH 7.5 CVE-2022-30122: ruby-rack - security update
    from 0, < 2.0.6-3+deb10u1
  • HIGH 7.5 CVE-2022-30122: ruby-rack - security update
    from 0, < 2.1.4-3+deb11u1
  • HIGH 7.5 CVE-2020-8184: Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names
    from 0, < 2.1.1-6
  • MEDIUM 6.5 CVE-2025-25184: ruby-rack - security update
    from 0, < 2.2.13-1~deb12u1
  • MEDIUM 6.5 CVE-2025-25184: ruby-rack - security update
    from 0, < 2.1.4-3+deb11u3
  • MEDIUM 6.5 CVE-2025-25184: ruby-rack - security update
    from 0, < 2.1.4-3+deb11u3
  • MEDIUM 6.3 CVE-2019-16782: Possible Information Leak / Session Hijack Vulnerability in Rack
    from 0, < 2.1.1-2
  • MEDIUM 6.1 CVE-2018-16471: ruby-rack - security update
    from 0, < 1.5.2-3+deb8u2
  • MEDIUM 6.1 CVE-2018-16471: ruby-rack - security update
    from 0, < 1.6.4-6
  • MEDIUM 5.9 CVE-2026-34830: Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect
    from 0
  • MEDIUM 5.8 CVE-2025-61780: Rack has a Possible Information Disclosure Vulnerability
    from 0, < 2.1.4-3+deb11u4
  • MEDIUM 5.4 CVE-2026-25500: Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href
    from 0, < 2.1.4-3+deb11u5
  • MEDIUM 5.3 CVE-2026-34763: Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory
    from 0
  • MEDIUM 5.3 CVE-2026-26961: Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass
    from 0
  • MEDIUM 5.3 CVE-2026-34826: Rack's multipart byte range processing allows denial of service via excessive overlapping ranges
    from 0
  • MEDIUM 5.3 CVE-2026-34786: Rack::Static header_rules bypass via URL-encoded paths
    from 0
  • MEDIUM 5.3 CVE-2025-49007: ReDoS Vulnerability in Rack::Multipart handle_mime_head
    from 0, < 3.1.16-0.1
  • MEDIUM 5.3 CVE-2024-25126: ruby-rack - security update
    from 0, < 2.1.4-3+deb11u2
  • MEDIUM 5.3 CVE-2024-25126: ruby-rack - security update
    from 0, < 2.1.4-3+deb11u2
  • MEDIUM 5.3 CVE-2024-25126: ruby-rack - security update
    from 0, < 2.0.6-3+deb10u4
  • MEDIUM 5.3 CVE-2023-27539: Possible Denial of Service Vulnerability in Rack's header parsing
    from 0, < 2.1.4-3+deb11u1
  • MEDIUM 4.8 CVE-2026-34835: Rack::Request accepts invalid Host characters, enabling host allowlist bypass
    from 0
  • MEDIUM 4.8 CVE-2026-34831: Rack has Content-Length mismatch in Rack::Files error responses
    from 0
  • MEDIUM 4.8 CVE-2026-32762: Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing
    from 0
  • MEDIUM 4.8 CVE-2026-26962: Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values
    from 0
  • MEDIUM 4.2 CVE-2025-32441: Rack session gets restored after deletion
    from 0, < 2.1.4-3+deb11u4
  • MEDIUM 4.2 CVE-2025-32441: Rack session gets restored after deletion
    from 0, < 2.1.4-3+deb11u4
  • CVE-2011-5036: librack-ruby - several
    from 0, < 1.4.0-1
  • CVE-2013-0263: Rack arbitrary code execution via timing attack
    from 0, < 1.4.1-2.1
  • CVE-2013-0184: Rack vulnerable to Denial of Service
    from 0, < 1.4.1-2.1
  • CVE-2013-0262: Rack Vulnerable to Path Traversal
    from 0, < 1.4.1-2.1
  • CVE-2013-0183: Rack rubygems receiving excessively long lines triggers out-of-memory error
    from 0, < 1.4.1-2.1
  • CVE-2012-6109: Rack vulnerable to ReDoS
    from 0, < 1.4.1-2.1
  • CVE-2015-3225: ruby-rack - security update
    from 0, < 1.4.1-2.1+deb7u1
  • CVE-2015-3225: ruby-rack - security update
    from 0, < 1.5.2-4