[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-26146":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":26,"downstream":27,"duplicates":80,"related":81,"reserved_at":9,"published_at":106,"modified_at":107,"state":108,"summary":109,"references_raw":118,"kevs":162,"epss":163,"epss_history":166,"metrics":440,"affected":452},"CVE-2024-26146","Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-1333","Inefficient Regular Expression Complexity","The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.","weakness","Draft","Base","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-492","Regular Expression Exponential Blowup",[],[],[],[],[28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78],{"_key":29},"SUSE-SU-2024:1131-1",{"_key":31},"OPENSUSE-SU-2025:14875-1",{"_key":33},"SUSE-SU-2024:0946-1",{"_key":35},"UBUNTU-CVE-2024-26146",{"_key":37},"USN-6837-1",{"_key":39},"USN-7036-1",{"_key":41},"SUSE-SU-2024:0765-1",{"_key":43},"OPENSUSE-SU-2024:13726-1",{"_key":45},"OPENSUSE-SU-2024:13727-1",{"_key":47},"OPENSUSE-SU-2025:14811-1",{"_key":49},"DLA-3800-1",{"_key":51},"DSA-5698-1",{"_key":53},"OPENSUSE-SU-2026:10358-1",{"_key":55},"OPENSUSE-SU-2026:10286-1",{"_key":57},"RHSA-2024:1841",{"_key":59},"RHSA-2024:1846",{"_key":61},"RHSA-2024:2007",{"_key":63},"RHSA-2024:2113",{"_key":65},"RHSA-2024:2581",{"_key":67},"RHSA-2024:2584",{"_key":69},"RHSA-2024:2953",{"_key":71},"RHSA-2024:3431",{"_key":73},"MGASA-2024-0123",{"_key":75},"DEBIAN-CVE-2024-26146",{"_key":77},"USN-6837-2",{"_key":79},"RHSA-2024:10806",[],[82,83,84,85,87,88,89,90,91,92,93,94,96,98,100,102,104],{"_key":29},{"_key":31},{"_key":33},{"_key":86},"USN-6689-1",{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":53},{"_key":55},{"_key":73},{"_key":95},"CGA-862G-FFQ3-Q4Q4",{"_key":97},"CGA-FHW2-86GF-84WG",{"_key":99},"CGA-QF62-XG23-7WRF",{"_key":101},"CGA-R2VH-PFMH-4JRJ",{"_key":103},"CGA-WRRX-G3XJ-522X",{"_key":105},"CGA-JGXX-43RW-77RV","2024-02-28T23:28:01.158Z","2025-02-13T17:41:07.669Z","Analyzed",{"cisa_kev":110,"cisa_ransomware":110,"cisa_vendor":9,"epss_severity":111,"epss_score":112,"severity":113,"severity_score":114,"severity_version":115,"severity_source":116,"severity_vector":117,"severity_status":108},false,"low",0.00775,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[119,126,132,136,140,144,148,153,158],{"url":120,"sources":121,"tags":123},"https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f",[122,116],"cve.org",[124,125],"X Refsource CONFIRM","Vendor Advisory",{"url":127,"sources":128,"tags":129},"https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716",[122,116],[130,131],"X Refsource MISC","Patch",{"url":133,"sources":134,"tags":135},"https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582",[122,116],[130,131],{"url":137,"sources":138,"tags":139},"https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f",[122,116],[130,131],{"url":141,"sources":142,"tags":143},"https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd",[122,116],[130,131],{"url":145,"sources":146,"tags":147},"https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942",[122,116],[130,125],{"url":149,"sources":150,"tags":151},"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml",[122,116],[130,152],"Third Party Advisory",{"url":154,"sources":155,"tags":156},"https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html",[122,116],[157],"Mailing List",{"url":159,"sources":160,"tags":161},"https://security.netapp.com/advisory/ntap-20240510-0006/",[122,116],[152],[],{"date":164,"score":112,"percentile":165},"2026-06-04",0.73967,[167,171,174,177,180,183,186,189,191,194,197,200,203,206,209,213,215,218,222,225,228,231,234,237,240,243,246,249,253,256,259,262,265,268,271,274,277,280,283,286,290,293,296,299,302,305,308,311,314,317,320,323,326,329,332,335,338,341,344,348,351,353,356,359,362,365,368,371,374,377,380,383,386,389,392,395,398,401,404,406,409,412,415,418,421,424,427,430,433,436],{"date":168,"score":169,"percentile":170},"2025-11-04",0.00572,0.67786,{"date":172,"score":169,"percentile":173},"2025-11-05",0.67766,{"date":175,"score":169,"percentile":176},"2025-11-06",0.67769,{"date":178,"score":169,"percentile":179},"2025-11-07",0.67781,{"date":181,"score":169,"percentile":182},"2025-11-08",0.67782,{"date":184,"score":169,"percentile":185},"2025-11-09",0.67773,{"date":187,"score":169,"percentile":188},"2025-11-10",0.67763,{"date":190,"score":169,"percentile":176},"2025-11-11",{"date":192,"score":169,"percentile":193},"2025-11-12",0.6779,{"date":195,"score":169,"percentile":196},"2025-11-13",0.678,{"date":198,"score":169,"percentile":199},"2025-11-14",0.67807,{"date":201,"score":169,"percentile":202},"2025-11-15",0.67805,{"date":204,"score":169,"percentile":205},"2025-11-16",0.67801,{"date":207,"score":169,"percentile":208},"2025-11-17",0.67795,{"date":210,"score":211,"percentile":212},"2025-11-18",0.28215,0.96208,{"date":214,"score":211,"percentile":212},"2025-11-19",{"date":216,"score":211,"percentile":217},"2025-11-20",0.96209,{"date":219,"score":220,"percentile":221},"2025-11-21",0.00516,0.65831,{"date":223,"score":220,"percentile":224},"2025-11-22",0.65838,{"date":226,"score":220,"percentile":227},"2025-11-23",0.65823,{"date":229,"score":220,"percentile":230},"2025-11-24",0.65809,{"date":232,"score":220,"percentile":233},"2025-11-25",0.65813,{"date":235,"score":220,"percentile":236},"2025-11-26",0.65819,{"date":238,"score":220,"percentile":239},"2025-11-27",0.65824,{"date":241,"score":220,"percentile":242},"2025-11-28",0.65808,{"date":244,"score":220,"percentile":245},"2025-11-29",0.65789,{"date":247,"score":220,"percentile":248},"2025-11-30",0.65785,{"date":250,"score":251,"percentile":252},"2025-12-01",0.01104,0.77545,{"date":254,"score":251,"percentile":255},"2025-12-02",0.77553,{"date":257,"score":251,"percentile":258},"2025-12-03",0.77538,{"date":260,"score":169,"percentile":261},"2025-12-04",0.67767,{"date":263,"score":169,"percentile":264},"2025-12-05",0.6778,{"date":266,"score":169,"percentile":267},"2025-12-06",0.67784,{"date":269,"score":169,"percentile":270},"2025-12-07",0.67779,{"date":272,"score":169,"percentile":273},"2025-12-08",0.67783,{"date":275,"score":169,"percentile":276},"2025-12-09",0.67814,{"date":278,"score":169,"percentile":279},"2025-12-10",0.6786,{"date":281,"score":169,"percentile":282},"2025-12-11",0.6788,{"date":284,"score":169,"percentile":285},"2025-12-12",0.67906,{"date":287,"score":288,"percentile":289},"2025-12-13",0.00527,0.66386,{"date":291,"score":288,"percentile":292},"2025-12-14",0.66387,{"date":294,"score":288,"percentile":295},"2025-12-15",0.66384,{"date":297,"score":288,"percentile":298},"2025-12-16",0.66399,{"date":300,"score":288,"percentile":301},"2025-12-17",0.66414,{"date":303,"score":288,"percentile":304},"2025-12-18",0.66452,{"date":306,"score":288,"percentile":307},"2025-12-19",0.66468,{"date":309,"score":288,"percentile":310},"2025-12-20",0.66466,{"date":312,"score":288,"percentile":313},"2025-12-21",0.66456,{"date":315,"score":288,"percentile":316},"2025-12-22",0.66455,{"date":318,"score":288,"percentile":319},"2025-12-23",0.66448,{"date":321,"score":288,"percentile":322},"2025-12-24",0.66457,{"date":324,"score":288,"percentile":325},"2025-12-25",0.66491,{"date":327,"score":288,"percentile":328},"2025-12-26",0.66489,{"date":330,"score":288,"percentile":331},"2025-12-27",0.66548,{"date":333,"score":288,"percentile":334},"2025-12-28",0.66462,{"date":336,"score":288,"percentile":337},"2025-12-29",0.66453,{"date":339,"score":288,"percentile":340},"2025-12-30",0.66471,{"date":342,"score":288,"percentile":343},"2025-12-31",0.66493,{"date":345,"score":346,"percentile":347},"2026-01-01",0.01127,0.77929,{"date":349,"score":346,"percentile":350},"2026-01-02",0.7793,{"date":352,"score":346,"percentile":347},"2026-01-03",{"date":354,"score":288,"percentile":355},"2026-01-04",0.6649,{"date":357,"score":288,"percentile":358},"2026-01-05",0.66474,{"date":360,"score":288,"percentile":361},"2026-01-06",0.66485,{"date":363,"score":169,"percentile":364},"2026-01-07",0.6802,{"date":366,"score":169,"percentile":367},"2026-01-08",0.68035,{"date":369,"score":169,"percentile":370},"2026-01-09",0.68044,{"date":372,"score":169,"percentile":373},"2026-01-10",0.68045,{"date":375,"score":169,"percentile":376},"2026-01-11",0.6804,{"date":378,"score":169,"percentile":379},"2026-01-12",0.68029,{"date":381,"score":169,"percentile":382},"2026-01-13",0.68026,{"date":384,"score":169,"percentile":385},"2026-01-14",0.68064,{"date":387,"score":169,"percentile":388},"2026-01-15",0.68068,{"date":390,"score":169,"percentile":391},"2026-01-16",0.68085,{"date":393,"score":169,"percentile":394},"2026-01-17",0.68075,{"date":396,"score":169,"percentile":397},"2026-01-18",0.68063,{"date":399,"score":169,"percentile":400},"2026-01-19",0.6805,{"date":402,"score":169,"percentile":403},"2026-01-20",0.6806,{"date":405,"score":169,"percentile":388},"2026-01-21",{"date":407,"score":169,"percentile":408},"2026-01-22",0.68078,{"date":410,"score":169,"percentile":411},"2026-01-23",0.68106,{"date":413,"score":169,"percentile":414},"2026-01-24",0.68117,{"date":416,"score":169,"percentile":417},"2026-01-25",0.68089,{"date":419,"score":169,"percentile":420},"2026-01-26",0.68079,{"date":422,"score":169,"percentile":423},"2026-01-27",0.68086,{"date":425,"score":169,"percentile":426},"2026-01-28",0.68098,{"date":428,"score":169,"percentile":429},"2026-01-29",0.68099,{"date":431,"score":169,"percentile":432},"2026-01-30",0.68104,{"date":434,"score":169,"percentile":435},"2026-01-31",0.68109,{"date":437,"score":438,"percentile":439},"2026-02-01",0.01223,0.78828,[441,448],{"source":122,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":442,"cvss_v4_0":9},{"baseScore":443,"baseSeverity":444,"vectorString":445,"impactScore":446,"exploitabilityScore":447},5.3,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",2.3,10,{"source":116,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":449,"cvss_v4_0":9},{"baseScore":114,"baseSeverity":450,"vectorString":117,"impactScore":451,"exploitabilityScore":447},"HIGH",6,[453,462],{"ecosystem":9,"name":454,"vendor":455,"product":456,"cpe_part":457,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":458},"debian linux","debian","debian_linux","o",[459],{"version":460,"is_range":110,"range_type":461,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":9,"name":463,"vendor":463,"product":463,"cpe_part":464,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":465},"rack","a",[466,473,476,479,483],{"version":467,"is_range":468,"range_type":122,"version_start":469,"version_start_type":470,"version_end":471,"version_end_type":472,"fixed_in":9},"gte3.0.0_lt3.0.9.1",true,"3.0.0","including","3.0.9.1","excluding",{"version":474,"is_range":468,"range_type":122,"version_start":9,"version_start_type":9,"version_end":475,"version_end_type":472,"fixed_in":9},"\u003C 2.0.9.4","2.0.9.4",{"version":477,"is_range":468,"range_type":461,"version_start":478,"version_start_type":470,"version_end":475,"version_end_type":472,"fixed_in":9},"gte0.4_lt2.0.9.4","0.4",{"version":480,"is_range":468,"range_type":461,"version_start":481,"version_start_type":470,"version_end":482,"version_end_type":472,"fixed_in":9},"gte2.1.0_lt2.1.4.4","2.1.0","2.1.4.4",{"version":484,"is_range":468,"range_type":461,"version_start":485,"version_start_type":470,"version_end":486,"version_end_type":472,"fixed_in":9},"gte2.2.0_lt2.2.8.1","2.2.0","2.2.8.1"]