rack vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the rack package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Allocation of Resources Without Limits or Throttling	>=3.2.0, <3.2.3>=3.0.0, <3.1.18<2.2.20
M Information Exposure	<2.2.20>=3.0.0.beta1, <3.1.18>=3.2.0, <3.2.3
H Allocation of Resources Without Limits or Throttling	<2.2.19>=3.1.0, <3.1.17>=3.2.0, <3.2.2
H Allocation of Resources Without Limits or Throttling	<2.2.19>=3.1.0, <3.1.17>=3.2.0, <3.2.2
H Allocation of Resources Without Limits or Throttling	<2.2.19>=3.1.0, <3.1.17>=3.2.0, <3.2.2
H Allocation of Resources Without Limits or Throttling	<2.2.18
H Allocation of Resources Without Limits or Throttling	>=3.1.0, <3.1.16
L Race Condition	<2.2.14
H Allocation of Resources Without Limits or Throttling	<2.2.14>=3.0.0.beta1, <3.0.16>=3.1.0, <3.1.14
H Relative Path Traversal	<2.2.13>=3.0.0.beta1, <3.0.14>=3.1.0, <3.1.12
M Improper Output Neutralization for Logs	<2.2.12>=3.0.0.beta1, <3.0.13>=3.1.0, <3.1.11
H Improper Output Neutralization for Logs	<2.2.11>=3.0.0, <3.0.12>=3.1.0, <3.1.10
M Regular Expression Denial of Service (ReDoS)	>=3.1.0, <3.1.5
H Denial of Service (DoS)	>=1.3.0, <2.2.8.1>=3.0.0, <3.0.9.1
M Regular Expression Denial of Service (ReDoS)	>=0.4.0, <2.2.8.1>=3.0.0, <3.0.9.1
M Regular Expression Denial of Service (ReDoS)	<2.0.9.4>=2.1.0, <2.1.4.4>=2.2.0, <2.2.8.1>=3.0.0, <3.0.9.1
M Regular Expression Denial of Service (ReDoS)	>=2.0.0.alpha, <2.2.6.4>=3.0.0.beta1, <3.0.6.1
H Denial of Service (DoS)	<2.0.9.3>=2.1.0, <2.1.4.3>=2.2.0, <2.2.6.3>=3.0.0.beta1, <3.0.4.2
M Regular Expression Denial of Service (ReDoS)	>=1.5.0, <2.0.9.2>=2.1.0.0, <2.1.4.2>=2.2.0.0, <2.2.6.2>=3.0.0.0, <3.0.4.1
M Regular Expression Denial of Service (ReDoS)	>=2.0.0, <2.0.9.2>=2.1.0.0, <2.1.4.2>=2.2.0.0, <2.2.6.1>=3.0.0.0, <3.0.4.1
M Regular Expression Denial of Service (ReDoS)	>=2.0.0, <2.0.9.2>=2.1.0, <2.1.4.2>=2.2.0, <2.2.6.1>=3.0.0.0, <3.0.4.1
H Denial of Service (DoS)	>=1.2, <2.0.9.1>=2.1.0, <2.1.4.1>=2.2.0, <2.2.3.1
C Arbitrary Code Injection	<2.0.9.1>=2.1.0, <2.1.4.1>=2.2.0, <2.2.3.1
M Web Cache Poisoning	<3.0.0.beta1
M Cross-site Request Forgery (CSRF)	<2.1.4>=2.2.0, <2.2.3
H Directory Traversal	<2.1.3
M Information Exposure	<1.6.12>=2.0.0.alpha, <2.0.8
M Denial of Service (DoS)	>=2.0.4, <2.0.6
M Cross-site Scripting (XSS)	<1.6.11>=2.0.0, <2.0.6
M Denial of Service (DoS)	>=1.6.0.beta, <1.6.1>=1.5.0, <1.5.3
M IP Spoofing	>=1.4.0, <1.6.0.beta
M Regular Expression Denial of Service (ReDoS)	>=1.3.0.beta, <1.3.4
M Denial of Service (DoS)	<1.3.0.beta
M Denial of Service (DoS)	>=1.3, <1.3.6>=1.2, <1.2.5<1.1.3
M Denial of Service (DoS)	<1.4.6>=1.5.0, <1.5.4>=1.6.0, <1.6.2
M Timing Attack	>=1.5, <1.5.2>=1.4, <1.4.5>=1.3, <1.3.10>=1.2, <1.2.8<1.1.6
M Arbitrary File Disclosure	<1.4.5>=1.5, <1.5.2
M Denial of Service (DoS)	>=1.4, <1.4.4>=1.3, <1.3.9>=1.2, <1.2.7<1.1.5
M Denial of Service (DoS)	>=1.4, <1.4.3<1.3.8
M Regular Expression Denial of Service (ReDoS)	>=1.4, <1.4.2>=1.3, <1.3.7>=1.2, <1.2.6<1.1.4

Vulnerability

Vulnerable Version

Allocation of Resources Without Limits or Throttling

>=3.2.0, <3.2.3>=3.0.0, <3.1.18<2.2.20