rack
Security Risk Profile
Security Risk Score
Comprehensive risk assessment based on 47 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from January 14, 2013 to present
[Charts: Threat Assessment, Severity Distribution, Exploit Likelihood, Age Distribution, Common Weaknesses (CWE), Most Affected Products]
Recent Vulnerabilities
Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization
Rack: Header injection in multipart requests
Rack: `Rack::Request` accepts invalid Host characters, enabling host allowlist bypass.
Rack: Algorithmic-Complexity DoS in Rack::Multipart::Parser
Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing
Rack: Rack::Sendfile regex injection via HTTP_X_ACCEL_MAPPING header allows arbitrary file reads through nginx
Rack: Denial of Service via Unbounded Multipart File Upload Without Content-Length
Rack: Unbounded Range Count in get_byte_ranges Enables DoS
Rack: Rack::Static header_rules bypass via URL-encoded paths
Rack: Local file inclusion in `Rack::Static` via URL Prefix Matching