[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-25126":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":47,"duplicate_of":9,"upstream":48,"downstream":49,"duplicates":102,"related":103,"reserved_at":9,"published_at":126,"modified_at":127,"state":128,"summary":129,"references_raw":137,"kevs":172,"epss":173,"epss_history":176,"metrics":436,"affected":448},"CVE-2024-25126","Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-1333","Inefficient Regular Expression Complexity","The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.","weakness","Draft","Base","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-492","Regular Expression Exponential Blowup",[],[25,34,39],{"_key":26,"name":27,"source":28,"url":29,"maturity":30,"reliability_score":31,"verified":32,"type":9,"platforms":33,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_RACK_RACK","Rack","github","https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx","poc",0.3,false,[],{"_key":35,"name":36,"source":28,"url":37,"maturity":30,"reliability_score":31,"verified":32,"type":9,"platforms":38,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_RUBYSEC_RUBY-ADVISORY-DB","Ruby Advisory Db","https://github.com/rubysec/ruby-advisory-db/issues/476",[],{"_key":40,"name":41,"source":42,"url":43,"maturity":44,"reliability_score":45,"verified":32,"type":9,"platforms":46,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_A2F879B457795FFD","Exploit Reference (discuss.rubyonrails.org)","reference","https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941","unknown",0.2,[],[],[],[50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100],{"_key":51},"SUSE-SU-2024:1131-1",{"_key":53},"OPENSUSE-SU-2025:14875-1",{"_key":55},"SUSE-SU-2024:0946-1",{"_key":57},"UBUNTU-CVE-2024-25126",{"_key":59},"USN-6837-1",{"_key":61},"USN-7036-1",{"_key":63},"SUSE-SU-2024:0765-1",{"_key":65},"OPENSUSE-SU-2024:13726-1",{"_key":67},"OPENSUSE-SU-2024:13727-1",{"_key":69},"OPENSUSE-SU-2025:14811-1",{"_key":71},"DLA-3800-1",{"_key":73},"DSA-5698-1",{"_key":75},"OPENSUSE-SU-2026:10358-1",{"_key":77},"OPENSUSE-SU-2026:10286-1",{"_key":79},"RHSA-2024:1841",{"_key":81},"RHSA-2024:1846",{"_key":83},"RHSA-2024:2007",{"_key":85},"RHSA-2024:2113",{"_key":87},"RHSA-2024:2581",{"_key":89},"RHSA-2024:2584",{"_key":91},"RHSA-2024:2953",{"_key":93},"RHSA-2024:3431",{"_key":95},"MGASA-2024-0123",{"_key":97},"DEBIAN-CVE-2024-25126",{"_key":99},"USN-6837-2",{"_key":101},"RHSA-2024:10806",[],[104,105,106,107,108,109,110,111,112,113,114,116,118,120,122,124],{"_key":51},{"_key":53},{"_key":55},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":75},{"_key":77},{"_key":95},{"_key":115},"CGA-266C-V62G-2862",{"_key":117},"CGA-6JHX-XGJG-CX6P",{"_key":119},"CGA-CMC5-RR8W-45QC",{"_key":121},"CGA-PQQQ-69P9-48G7",{"_key":123},"CGA-X8GC-X5HW-P9G9",{"_key":125},"CGA-8J4Q-FF96-64P9","2024-02-28T23:28:07.073Z","2025-02-13T17:40:47.635Z","Analyzed",{"cisa_kev":32,"cisa_ransomware":32,"cisa_vendor":9,"epss_severity":130,"epss_score":131,"severity":132,"severity_score":133,"severity_version":134,"severity_source":135,"severity_vector":136,"severity_status":128},"low",0.0045,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[138,145,151,155,158,163,168],{"url":29,"sources":139,"tags":141},[140,135],"cve.org",[142,143,144],"X Refsource CONFIRM","Exploit","Vendor Advisory",{"url":146,"sources":147,"tags":148},"https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462",[140,135],[149,150],"X Refsource MISC","Patch",{"url":152,"sources":153,"tags":154},"https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49",[140,135],[149,150],{"url":43,"sources":156,"tags":157},[140,135],[149,143,144],{"url":159,"sources":160,"tags":161},"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml",[140,135],[149,143,162],"Third Party Advisory",{"url":164,"sources":165,"tags":166},"https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html",[140,135],[167],"Mailing List",{"url":169,"sources":170,"tags":171},"https://security.netapp.com/advisory/ntap-20240510-0005/",[140,135],[162],[],{"date":174,"score":131,"percentile":175},"2026-06-04",0.63982,[177,181,184,187,190,192,195,198,201,204,207,210,213,216,219,223,226,229,233,236,239,242,245,248,251,254,257,260,264,267,270,273,276,279,282,285,288,290,293,296,299,302,305,307,310,313,316,319,322,325,328,331,334,337,340,342,345,348,351,355,358,361,364,366,368,370,373,375,378,381,384,387,390,393,396,399,402,405,407,409,411,413,416,418,420,423,426,428,430,433],{"date":178,"score":179,"percentile":180},"2025-11-04",0.00332,0.55546,{"date":182,"score":179,"percentile":183},"2025-11-05",0.55512,{"date":185,"score":179,"percentile":186},"2025-11-06",0.55522,{"date":188,"score":179,"percentile":189},"2025-11-07",0.55541,{"date":191,"score":179,"percentile":180},"2025-11-08",{"date":193,"score":179,"percentile":194},"2025-11-09",0.55539,{"date":196,"score":179,"percentile":197},"2025-11-10",0.55516,{"date":199,"score":179,"percentile":200},"2025-11-11",0.55529,{"date":202,"score":179,"percentile":203},"2025-11-12",0.55554,{"date":205,"score":179,"percentile":206},"2025-11-13",0.55562,{"date":208,"score":179,"percentile":209},"2025-11-14",0.55564,{"date":211,"score":179,"percentile":212},"2025-11-15",0.55556,{"date":214,"score":179,"percentile":215},"2025-11-16",0.5554,{"date":217,"score":179,"percentile":218},"2025-11-17",0.55531,{"date":220,"score":221,"percentile":222},"2025-11-18",0.0428,0.87731,{"date":224,"score":221,"percentile":225},"2025-11-19",0.87737,{"date":227,"score":221,"percentile":228},"2025-11-20",0.87741,{"date":230,"score":231,"percentile":232},"2025-11-21",0.00342,0.56222,{"date":234,"score":231,"percentile":235},"2025-11-22",0.56217,{"date":237,"score":231,"percentile":238},"2025-11-23",0.56192,{"date":240,"score":231,"percentile":241},"2025-11-24",0.56187,{"date":243,"score":231,"percentile":244},"2025-11-25",0.56193,{"date":246,"score":231,"percentile":247},"2025-11-26",0.56197,{"date":249,"score":231,"percentile":250},"2025-11-27",0.56199,{"date":252,"score":231,"percentile":253},"2025-11-28",0.56175,{"date":255,"score":231,"percentile":256},"2025-11-29",0.56162,{"date":258,"score":231,"percentile":259},"2025-11-30",0.56152,{"date":261,"score":262,"percentile":263},"2025-12-01",0.00321,0.54681,{"date":265,"score":262,"percentile":266},"2025-12-02",0.54698,{"date":268,"score":262,"percentile":269},"2025-12-03",0.54691,{"date":271,"score":179,"percentile":272},"2025-12-04",0.55457,{"date":274,"score":179,"percentile":275},"2025-12-05",0.55473,{"date":277,"score":179,"percentile":278},"2025-12-06",0.55474,{"date":280,"score":179,"percentile":281},"2025-12-07",0.55464,{"date":283,"score":179,"percentile":284},"2025-12-08",0.55465,{"date":286,"score":179,"percentile":287},"2025-12-09",0.55482,{"date":289,"score":179,"percentile":215},"2025-12-10",{"date":291,"score":179,"percentile":292},"2025-12-11",0.55559,{"date":294,"score":179,"percentile":295},"2025-12-12",0.55582,{"date":297,"score":179,"percentile":298},"2025-12-13",0.55575,{"date":300,"score":179,"percentile":301},"2025-12-14",0.55572,{"date":303,"score":179,"percentile":304},"2025-12-15",0.55561,{"date":306,"score":179,"percentile":298},"2025-12-16",{"date":308,"score":179,"percentile":309},"2025-12-17",0.55597,{"date":311,"score":179,"percentile":312},"2025-12-18",0.55636,{"date":314,"score":179,"percentile":315},"2025-12-19",0.55639,{"date":317,"score":179,"percentile":318},"2025-12-20",0.55631,{"date":320,"score":179,"percentile":321},"2025-12-21",0.55608,{"date":323,"score":179,"percentile":324},"2025-12-22",0.55587,{"date":326,"score":179,"percentile":327},"2025-12-23",0.55593,{"date":329,"score":179,"percentile":330},"2025-12-24",0.55599,{"date":332,"score":179,"percentile":333},"2025-12-25",0.55642,{"date":335,"score":179,"percentile":336},"2025-12-26",0.55635,{"date":338,"score":179,"percentile":339},"2025-12-27",0.55681,{"date":341,"score":179,"percentile":309},"2025-12-28",{"date":343,"score":179,"percentile":344},"2025-12-29",0.55581,{"date":346,"score":179,"percentile":347},"2025-12-30",0.55576,{"date":349,"score":179,"percentile":350},"2025-12-31",0.5559,{"date":352,"score":353,"percentile":354},"2026-01-01",0.00312,0.54158,{"date":356,"score":353,"percentile":357},"2026-01-02",0.54137,{"date":359,"score":353,"percentile":360},"2026-01-03",0.5413,{"date":362,"score":179,"percentile":363},"2026-01-04",0.55555,{"date":365,"score":179,"percentile":180},"2026-01-05",{"date":367,"score":179,"percentile":203},"2026-01-06",{"date":369,"score":179,"percentile":295},"2026-01-07",{"date":371,"score":179,"percentile":372},"2026-01-08",0.55603,{"date":374,"score":179,"percentile":330},"2026-01-09",{"date":376,"score":179,"percentile":377},"2026-01-10",0.55598,{"date":379,"score":179,"percentile":380},"2026-01-11",0.55573,{"date":382,"score":179,"percentile":383},"2026-01-12",0.55526,{"date":385,"score":179,"percentile":386},"2026-01-13",0.55503,{"date":388,"score":179,"percentile":389},"2026-01-14",0.55548,{"date":391,"score":179,"percentile":392},"2026-01-15",0.55553,{"date":394,"score":179,"percentile":395},"2026-01-16",0.55574,{"date":397,"score":179,"percentile":398},"2026-01-17",0.55567,{"date":400,"score":179,"percentile":401},"2026-01-18",0.55558,{"date":403,"score":179,"percentile":404},"2026-01-19",0.55549,{"date":406,"score":179,"percentile":392},"2026-01-20",{"date":408,"score":179,"percentile":212},"2026-01-21",{"date":410,"score":179,"percentile":292},"2026-01-22",{"date":412,"score":179,"percentile":372},"2026-01-23",{"date":414,"score":179,"percentile":415},"2026-01-24",0.55607,{"date":417,"score":179,"percentile":398},"2026-01-25",{"date":419,"score":179,"percentile":203},"2026-01-26",{"date":421,"score":179,"percentile":422},"2026-01-27",0.55566,{"date":424,"score":179,"percentile":425},"2026-01-28",0.5558,{"date":427,"score":179,"percentile":295},"2026-01-29",{"date":429,"score":179,"percentile":324},"2026-01-30",{"date":431,"score":179,"percentile":432},"2026-01-31",0.55592,{"date":434,"score":353,"percentile":435},"2026-02-01",0.54117,[437,444],{"source":140,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":438,"cvss_v4_0":9},{"baseScore":439,"baseSeverity":440,"vectorString":441,"impactScore":442,"exploitabilityScore":443},5.3,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",2.3,10,{"source":135,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":445,"cvss_v4_0":9},{"baseScore":133,"baseSeverity":446,"vectorString":136,"impactScore":447,"exploitabilityScore":443},"HIGH",6,[449,458],{"ecosystem":9,"name":450,"vendor":451,"product":452,"cpe_part":453,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":454},"debian linux","debian","debian_linux","o",[455],{"version":456,"is_range":32,"range_type":457,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":9,"name":459,"vendor":459,"product":459,"cpe_part":460,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":461},"rack","a",[462,469],{"version":463,"is_range":464,"range_type":457,"version_start":465,"version_start_type":466,"version_end":467,"version_end_type":468,"fixed_in":9},"gte0.4_lt2.2.8.1",true,"0.4","including","2.2.8.1","excluding",{"version":470,"is_range":464,"range_type":457,"version_start":471,"version_start_type":466,"version_end":472,"version_end_type":468,"fixed_in":9},"gte3.0.0_lt3.0.9.1","3.0.0","3.0.9.1"]