VDB

GHSA-qv7j-4883-hwh7

GHSA-qv7j-4883-hwh7 PUBLISHED CVSS 5.900000095367432 MEDIUM

Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect

Risk Scores

CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
RubyGemsrack0, 3.0.0, 3.2.0
RubyGemsrack

Timeline

  • Apr 2, 2026 CVE Published
  • Apr 9, 2026 Security Advisory
  • May 13, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›