VDB
GHSA-qv7j-4883-hwh7
GHSA-qv7j-4883-hwh7
PUBLISHED
CVSS 5.900000095367432 MEDIUM
Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| RubyGems | rack | 0, 3.0.0, 3.2.0 |
| RubyGems | rack |
Timeline
- Apr 2, 2026 CVE Published
- Apr 9, 2026 Security Advisory
- May 13, 2026 CVE Updated