[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-26141":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":93,"aliases":116,"duplicate_of":9,"upstream":117,"downstream":118,"duplicates":171,"related":172,"reserved_at":9,"published_at":197,"modified_at":198,"state":199,"summary":200,"references_raw":208,"kevs":244,"epss":245,"epss_history":248,"metrics":507,"affected":519},"CVE-2024-26141","Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.",null,[11,86],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-400","Uncontrolled Resource Consumption","The product does not properly control the allocation and maintenance of a limited resource.","weakness","Draft","Class","High",[20,24,82],{"id":21,"name":22,"techniques":23},"CAPEC-147","XML Ping of the Death",[],{"id":25,"name":26,"techniques":27},"CAPEC-227","Sustained Client Engagement",[28],{"id":29,"name":30,"tactics":31,"countermeasures":35},"T1499","Endpoint Denial of Service",[32],{"id":33,"name":34},"TA0105","Impact",[36,41,45,49,53,57,61,65,69,73,78],{"id":37,"name":38,"tactic":39},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":40},"Detect",{"id":42,"name":43,"tactic":44},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":40},{"id":46,"name":47,"tactic":48},"D3-CSPP","Client-server Payload Profiling",{"name":40},{"id":50,"name":51,"tactic":52},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":40},{"id":54,"name":55,"tactic":56},"D3-NTSA","Network Traffic Signature Analysis",{"name":40},{"id":58,"name":59,"tactic":60},"D3-APCA","Application Protocol Command Analysis",{"name":40},{"id":62,"name":63,"tactic":64},"D3-NTCD","Network Traffic Community Deviation",{"name":40},{"id":66,"name":67,"tactic":68},"D3-RTSD","Remote Terminal Session Detection",{"name":40},{"id":70,"name":71,"tactic":72},"D3-ISVA","Inbound Session Volume Analysis",{"name":40},{"id":74,"name":75,"tactic":76},"D3-NTF","Network Traffic Filtering",{"name":77},"Isolate",{"id":79,"name":80,"tactic":81},"D3-ITF","Inbound Traffic Filtering",{"name":77},{"id":83,"name":84,"techniques":85},"CAPEC-492","Regular Expression Exponential Blowup",[],{"_key":87,"id":87,"name":88,"description":89,"type":90,"status":91,"abstraction":9,"likelihood_of_exploit":9,"capec":92},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[94,103,108],{"_key":95,"name":96,"source":97,"url":98,"maturity":99,"reliability_score":100,"verified":101,"type":9,"platforms":102,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_RACK_RACK","Rack","github","https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx","poc",0.3,false,[],{"_key":104,"name":105,"source":97,"url":106,"maturity":99,"reliability_score":100,"verified":101,"type":9,"platforms":107,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_RUBYSEC_RUBY-ADVISORY-DB","Ruby Advisory Db","https://github.com/rubysec/ruby-advisory-db/issues/476",[],{"_key":109,"name":110,"source":111,"url":112,"maturity":113,"reliability_score":114,"verified":101,"type":9,"platforms":115,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_C6EF49F188386ED5","Exploit Reference (discuss.rubyonrails.org)","reference","https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944","unknown",0.2,[],[],[],[119,121,123,125,127,129,131,133,135,137,139,141,143,145,147,149,151,153,155,157,159,161,163,165,167,169],{"_key":120},"SUSE-SU-2024:1131-1",{"_key":122},"OPENSUSE-SU-2025:14875-1",{"_key":124},"SUSE-SU-2024:0946-1",{"_key":126},"UBUNTU-CVE-2024-26141",{"_key":128},"USN-6837-1",{"_key":130},"USN-7036-1",{"_key":132},"SUSE-SU-2024:0765-1",{"_key":134},"OPENSUSE-SU-2024:13726-1",{"_key":136},"OPENSUSE-SU-2024:13727-1",{"_key":138},"OPENSUSE-SU-2025:14811-1",{"_key":140},"DLA-3800-1",{"_key":142},"DSA-5698-1",{"_key":144},"OPENSUSE-SU-2026:10358-1",{"_key":146},"OPENSUSE-SU-2026:10286-1",{"_key":148},"RHSA-2024:1841",{"_key":150},"RHSA-2024:1846",{"_key":152},"RHSA-2024:2007",{"_key":154},"RHSA-2024:2113",{"_key":156},"RHSA-2024:2581",{"_key":158},"RHSA-2024:2584",{"_key":160},"RHSA-2024:2953",{"_key":162},"RHSA-2024:3431",{"_key":164},"MGASA-2024-0123",{"_key":166},"DEBIAN-CVE-2024-26141",{"_key":168},"USN-6837-2",{"_key":170},"RHSA-2024:10806",[],[173,174,175,176,178,179,180,181,182,183,184,185,187,189,191,193,195],{"_key":120},{"_key":122},{"_key":124},{"_key":177},"USN-6689-1",{"_key":132},{"_key":134},{"_key":136},{"_key":138},{"_key":144},{"_key":146},{"_key":164},{"_key":186},"CGA-45G9-VHCP-R7RP",{"_key":188},"CGA-5M7M-662W-65RR",{"_key":190},"CGA-F9HM-86XJ-8JH8",{"_key":192},"CGA-HWQQ-GRR4-R6VG",{"_key":194},"CGA-W4P6-P67M-3GC4",{"_key":196},"CGA-P6Q3-FJ97-5V8W","2024-02-28T23:28:10.503Z","2025-02-13T17:41:04.867Z","Analyzed",{"cisa_kev":101,"cisa_ransomware":101,"cisa_vendor":9,"epss_severity":201,"epss_score":202,"severity":203,"severity_score":204,"severity_version":205,"severity_source":206,"severity_vector":207,"severity_status":199},"low",0.0041,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[209,217,223,227,230,235,240],{"url":210,"sources":211,"tags":213},"https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6",[212,206],"cve.org",[214,215,216],"X Refsource CONFIRM","Exploit","Vendor Advisory",{"url":218,"sources":219,"tags":220},"https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9",[212,206],[221,222],"X Refsource MISC","Patch",{"url":224,"sources":225,"tags":226},"https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b",[212,206],[221,222],{"url":112,"sources":228,"tags":229},[212,206],[221,215,216],{"url":231,"sources":232,"tags":233},"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml",[212,206],[221,215,234],"Third Party Advisory",{"url":236,"sources":237,"tags":238},"https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html",[212,206],[239],"Mailing List",{"url":241,"sources":242,"tags":243},"https://security.netapp.com/advisory/ntap-20240510-0007/",[212,206],[234],[],{"date":246,"score":202,"percentile":247},"2026-06-04",0.61665,[249,253,256,259,262,265,268,271,274,277,280,283,285,288,291,295,298,301,305,307,310,313,316,318,321,324,327,330,334,337,340,343,346,348,351,353,356,358,361,364,367,370,373,376,379,382,385,388,391,394,397,400,403,406,409,412,414,417,420,424,427,430,433,436,439,441,444,447,449,451,454,457,459,462,464,466,469,472,475,478,481,483,486,488,490,493,496,498,501,504],{"date":250,"score":251,"percentile":252},"2025-11-04",0.00294,0.52364,{"date":254,"score":251,"percentile":255},"2025-11-05",0.52337,{"date":257,"score":251,"percentile":258},"2025-11-06",0.52354,{"date":260,"score":251,"percentile":261},"2025-11-07",0.52376,{"date":263,"score":251,"percentile":264},"2025-11-08",0.52378,{"date":266,"score":251,"percentile":267},"2025-11-09",0.52374,{"date":269,"score":251,"percentile":270},"2025-11-10",0.52345,{"date":272,"score":251,"percentile":273},"2025-11-11",0.52359,{"date":275,"score":251,"percentile":276},"2025-11-12",0.52386,{"date":278,"score":251,"percentile":279},"2025-11-13",0.5239,{"date":281,"score":251,"percentile":282},"2025-11-14",0.52392,{"date":284,"score":251,"percentile":276},"2025-11-15",{"date":286,"score":251,"percentile":287},"2025-11-16",0.52366,{"date":289,"score":251,"percentile":290},"2025-11-17",0.52349,{"date":292,"score":293,"percentile":294},"2025-11-18",0.0428,0.87731,{"date":296,"score":293,"percentile":297},"2025-11-19",0.87737,{"date":299,"score":293,"percentile":300},"2025-11-20",0.87741,{"date":302,"score":303,"percentile":304},"2025-11-21",0.00303,0.531,{"date":306,"score":303,"percentile":304},"2025-11-22",{"date":308,"score":303,"percentile":309},"2025-11-23",0.53059,{"date":311,"score":303,"percentile":312},"2025-11-24",0.5305,{"date":314,"score":303,"percentile":315},"2025-11-25",0.53056,{"date":317,"score":303,"percentile":309},"2025-11-26",{"date":319,"score":303,"percentile":320},"2025-11-27",0.53064,{"date":322,"score":303,"percentile":323},"2025-11-28",0.53037,{"date":325,"score":303,"percentile":326},"2025-11-29",0.53017,{"date":328,"score":303,"percentile":329},"2025-11-30",0.53011,{"date":331,"score":332,"percentile":333},"2025-12-01",0.00386,0.59177,{"date":335,"score":332,"percentile":336},"2025-12-02",0.59195,{"date":338,"score":332,"percentile":339},"2025-12-03",0.592,{"date":341,"score":251,"percentile":342},"2025-12-04",0.52276,{"date":344,"score":251,"percentile":345},"2025-12-05",0.52296,{"date":347,"score":251,"percentile":345},"2025-12-06",{"date":349,"score":251,"percentile":350},"2025-12-07",0.52286,{"date":352,"score":251,"percentile":350},"2025-12-08",{"date":354,"score":251,"percentile":355},"2025-12-09",0.52305,{"date":357,"score":251,"percentile":252},"2025-12-10",{"date":359,"score":251,"percentile":360},"2025-12-11",0.52382,{"date":362,"score":251,"percentile":363},"2025-12-12",0.52409,{"date":365,"score":251,"percentile":366},"2025-12-13",0.52401,{"date":368,"score":251,"percentile":369},"2025-12-14",0.52387,{"date":371,"score":251,"percentile":372},"2025-12-15",0.5237,{"date":374,"score":251,"percentile":375},"2025-12-16",0.52384,{"date":377,"score":251,"percentile":378},"2025-12-17",0.52404,{"date":380,"score":251,"percentile":381},"2025-12-18",0.52443,{"date":383,"score":251,"percentile":384},"2025-12-19",0.52448,{"date":386,"score":251,"percentile":387},"2025-12-20",0.5243,{"date":389,"score":251,"percentile":390},"2025-12-21",0.52408,{"date":392,"score":251,"percentile":393},"2025-12-22",0.52389,{"date":395,"score":251,"percentile":396},"2025-12-23",0.52393,{"date":398,"score":251,"percentile":399},"2025-12-24",0.52407,{"date":401,"score":251,"percentile":402},"2025-12-25",0.52453,{"date":404,"score":251,"percentile":405},"2025-12-26",0.52446,{"date":407,"score":251,"percentile":408},"2025-12-27",0.52484,{"date":410,"score":251,"percentile":411},"2025-12-28",0.52423,{"date":413,"score":251,"percentile":366},"2025-12-29",{"date":415,"score":251,"percentile":416},"2025-12-30",0.52394,{"date":418,"score":251,"percentile":419},"2025-12-31",0.52412,{"date":421,"score":422,"percentile":423},"2026-01-01",0.00376,0.58786,{"date":425,"score":422,"percentile":426},"2026-01-02",0.58771,{"date":428,"score":422,"percentile":429},"2026-01-03",0.58767,{"date":431,"score":251,"percentile":432},"2026-01-04",0.52385,{"date":434,"score":251,"percentile":435},"2026-01-05",0.52373,{"date":437,"score":251,"percentile":438},"2026-01-06",0.52379,{"date":440,"score":251,"percentile":366},"2026-01-07",{"date":442,"score":251,"percentile":443},"2026-01-08",0.52421,{"date":445,"score":251,"percentile":446},"2026-01-09",0.5241,{"date":448,"score":251,"percentile":399},"2026-01-10",{"date":450,"score":251,"percentile":393},"2026-01-11",{"date":452,"score":251,"percentile":453},"2026-01-12",0.52348,{"date":455,"score":251,"percentile":456},"2026-01-13",0.52323,{"date":458,"score":251,"percentile":287},"2026-01-14",{"date":460,"score":251,"percentile":461},"2026-01-15",0.52367,{"date":463,"score":251,"percentile":432},"2026-01-16",{"date":465,"score":251,"percentile":461},"2026-01-17",{"date":467,"score":251,"percentile":468},"2026-01-18",0.52352,{"date":470,"score":251,"percentile":471},"2026-01-19",0.52335,{"date":473,"score":251,"percentile":474},"2026-01-20",0.52333,{"date":476,"score":251,"percentile":477},"2026-01-21",0.5234,{"date":479,"score":251,"percentile":480},"2026-01-22",0.52347,{"date":482,"score":251,"percentile":396},"2026-01-23",{"date":484,"score":251,"percentile":485},"2026-01-24",0.524,{"date":487,"score":251,"percentile":258},"2026-01-25",{"date":489,"score":251,"percentile":471},"2026-01-26",{"date":491,"score":251,"percentile":492},"2026-01-27",0.52343,{"date":494,"score":251,"percentile":495},"2026-01-28",0.52356,{"date":497,"score":251,"percentile":258},"2026-01-29",{"date":499,"score":251,"percentile":500},"2026-01-30",0.52355,{"date":502,"score":251,"percentile":503},"2026-01-31",0.52361,{"date":505,"score":422,"percentile":506},"2026-02-01",0.5878,[508,515],{"source":212,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":509,"cvss_v4_0":9},{"baseScore":510,"baseSeverity":511,"vectorString":512,"impactScore":513,"exploitabilityScore":514},5.8,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",2.3,10,{"source":206,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":516,"cvss_v4_0":9},{"baseScore":204,"baseSeverity":517,"vectorString":207,"impactScore":518,"exploitabilityScore":514},"HIGH",6,[520,529],{"ecosystem":9,"name":521,"vendor":522,"product":523,"cpe_part":524,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":525},"debian linux","debian","debian_linux","o",[526],{"version":527,"is_range":101,"range_type":528,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":9,"name":530,"vendor":530,"product":530,"cpe_part":531,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":532},"rack","a",[533,540],{"version":534,"is_range":535,"range_type":528,"version_start":536,"version_start_type":537,"version_end":538,"version_end_type":539,"fixed_in":9},"gte1.3.0_lt2.2.8.1",true,"1.3.0","including","2.2.8.1","excluding",{"version":541,"is_range":535,"range_type":528,"version_start":542,"version_start_type":537,"version_end":543,"version_end_type":539,"fixed_in":9},"gte3.0.0_lt3.0.9.1","3.0.0","3.0.9.1"]