From d8a00756fe0525b3dcb057563dd81997b6871ee2 Mon Sep 17 00:00:00 2001
From: diogolsq
Date: Fri, 20 Feb 2026 15:44:55 +0000
Subject: [PATCH 1/2] feat: adding missing CVE to rack gem
---
gems/rack/CVE-2026-22860.yml | 44 ++++++++++++++++++++++++++++++++++++
gems/rack/CVE-2026-25500.yml | 43 +++++++++++++++++++++++++++++++++++
2 files changed, 87 insertions(+)
create mode 100644 gems/rack/CVE-2026-22860.yml
create mode 100644 gems/rack/CVE-2026-25500.yml
diff --git a/gems/rack/CVE-2026-22860.yml b/gems/rack/CVE-2026-22860.yml
new file mode 100644
index 0000000000..609da5cf01
--- /dev/null
+++ b/gems/rack/CVE-2026-22860.yml
@@ -0,0 +1,44 @@
+---
+gem: rack
+cve: 2026-22860
+ghsa: mxw3-3hh2-x2mh
+url: https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh
+title: Rack::Directory vulnerable to path traversal when serving files
+date: 2026-01-16
+description: |
+ ## Summary
+
+ `Rack::Directory` is vulnerable to path traversal. An attacker can
+ request crafted paths and access files outside the configured root.
+
+ ## Details
+
+ The vulnerability is in `Rack::Directory` path handling. Directory
+ traversal sequences are not sufficiently constrained before file
+ resolution, which can allow escaping the intended base directory.
+
+ Affected versions:
+
+ - `< 2.2.22`
+ - `>= 3.0.0.beta1, < 3.1.20`
+ - `>= 3.2.0.beta1, < 3.2.5`
+
+ ## Impact
+
+ Applications that expose `Rack::Directory` can disclose arbitrary
+ files reachable by the process, including sensitive configuration or
+ application data.
+
+ ## Mitigation
+
+ - Upgrade to a patched version of Rack.
+ - Avoid exposing `Rack::Directory` to untrusted paths.
+patched_versions:
+ - ">= 2.2.22"
+ - ">= 3.1.20"
+ - ">= 3.2.5"
+related:
+ url:
+ - https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh
+ - https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7
+ - https://github.com/advisories/GHSA-mxw3-3hh2-x2mh
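Review bot: The affected-version list typed into `description` (`< 2.2.22`, `>= 3.0.0.beta1, < 3.1.20`, `>= 3.2.0.beta1, < 3.2.5`) is a second, hand-maintained copy of what `patched_versions` encodes, and presumably only the structured field is what the consuming tooling evaluates, so the two can drift without anything noticing; the same list appears in the CVE-2026-25500 hunk. Either quote the list verbatim from the upstream advisory or leave it out and let `patched_versions` be the single source of truth. The two new files also disagree on what `url` points at: here it is the rack repository's advisory page (repeated again under `related.url`), while the CVE-2026-25500 file uses `https://github.com/advisories/GHSA-whrj-4476-wvmp`; pick one convention and keep the other link under `related`. The Mitigation bullet `- Avoid exposing `Rack::Directory` to untrusted paths.` reads oddly because the paths are what the attacker supplies; `- Do not mount `Rack::Directory` where untrusted clients can reach it.` says what is meant.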
diff --git a/gems/rack/CVE-2026-25500.yml b/gems/rack/CVE-2026-25500.yml
new file mode 100644
index 0000000000..f833f5f415
--- /dev/null
+++ b/gems/rack/CVE-2026-25500.yml
@@ -0,0 +1,43 @@
+---
+gem: rack
+cve: 2026-25500
+ghsa: whrj-4476-wvmp
+url: https://github.com/advisories/GHSA-whrj-4476-wvmp
+title: Rack::Directory vulnerable to reflected XSS in directory listings
+date: 2026-01-16
+description: |
+ ## Summary
+
+ `Rack::Directory` is vulnerable to reflected cross-site scripting (XSS)
+ in generated directory listings.
+
+ ## Details
+
+ User-controlled path content can be reflected in HTML output without
+ sufficient escaping in `Rack::Directory`. Visiting a crafted URL can
+ execute attacker-controlled JavaScript in a victim's browser.
+
+ Affected versions:
+
+ - `< 2.2.22`
+ - `>= 3.0.0.beta1, < 3.1.20`
+ - `>= 3.2.0.beta1, < 3.2.5`
+
+ ## Impact
+
+ Successful exploitation can run arbitrary JavaScript in the origin of
+ the affected application, enabling session theft, content injection,
+ or phishing-style attacks against users.
+
+ ## Mitigation
+
+ - Upgrade to a patched version of Rack.
+ - Avoid exposing `Rack::Directory` listings to untrusted users.
+patched_versions:
+ - ">= 2.2.22"
+ - ">= 3.1.20"
+ - ">= 3.2.5"
+related:
+ url:
+ - https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff
+ - https://github.com/advisories/GHSA-whrj-4476-wvmp
From d720f671ebb8c23f77301eb579f67611c171422e Mon Sep 17 00:00:00 2001
From: diogolsq
Date: Fri, 20 Feb 2026 15:44:55 +0000
Subject: [PATCH 2/2] feat: adding missing cvss_v3; fix: correct data on cve fix: correct versions in patched_versions;
---
gems/rack/CVE-2026-22860.yml | 11 ++++++-----
gems/rack/CVE-2026-25500.yml | 9 +++++----
2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/gems/rack/CVE-2026-22860.yml b/gems/rack/CVE-2026-22860.yml
index 609da5cf01..6da7229667 100644
--- a/gems/rack/CVE-2026-22860.yml
+++ b/gems/rack/CVE-2026-22860.yml
@@ -4,7 +4,7 @@ cve: 2026-22860
 ghsa: mxw3-3hh2-x2mh
 url: https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh
 title: Rack::Directory vulnerable to path traversal when serving files
-date: 2026-01-16
+date: 2026-02-16
 description: |
 ## Summary

@@ -20,8 +20,8 @@ description: |
 Affected versions:

 - `< 2.2.22`
- - `>= 3.0.0.beta1, < 3.1.20`
- - `>= 3.2.0.beta1, < 3.2.5`
+ - `>= 3.0.0, < 3.1.20`
+ - `>= 3.2.0, < 3.2.5`

 ## Impact

@@ -33,9 +33,10 @@ description: |

 - Upgrade to a patched version of Rack.
 - Avoid exposing `Rack::Directory` to untrusted paths.
+cvss_v3: 7.5
 patched_versions:
- - ">= 2.2.22"
- - ">= 3.1.20"
+ - "~> 2.2.22"
+ - "~> 3.1.20"
 - ">= 3.2.5"
 related:
 url:
diff --git a/gems/rack/CVE-2026-25500.yml b/gems/rack/CVE-2026-25500.yml
index f833f5f415..8a5a5cc3e0 100644
--- a/gems/rack/CVE-2026-25500.yml
+++ b/gems/rack/CVE-2026-25500.yml
@@ -4,7 +4,7 @@ cve: 2026-25500
 ghsa: whrj-4476-wvmp
 url: https://github.com/advisories/GHSA-whrj-4476-wvmp
 title: Rack::Directory vulnerable to reflected XSS in directory listings
-date: 2026-01-16
+date: 2026-02-16
 description: |
 ## Summary

@@ -21,7 +21,7 @@ description: |

 - `< 2.2.22`
 - `>= 3.0.0.beta1, < 3.1.20`
- - `>= 3.2.0.beta1, < 3.2.5`
+ - `>= 3.2.0, < 3.2.5`

 ## Impact

@@ -33,9 +33,10 @@ description: |

 - Upgrade to a patched version of Rack.
 - Avoid exposing `Rack::Directory` listings to untrusted users.
+cvss_v3: 5.4
 patched_versions:
- - ">= 2.2.22"
- - ">= 3.1.20"
+ - "~> 2.2.22"
+ - "~> 3.1.20"
 - ">= 3.2.5"
 related:
 url:
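Review bot: The `@@ -21,7 +21,7 @@` hunk of CVE-2026-25500.yml rewrites only the 3.2 bullet and leaves `>= 3.0.0.beta1, < 3.1.20` in place, whereas the `@@ -20,8 +20,8 @@` hunk of CVE-2026-22860.yml changes both bullets to `>= 3.0.0, < 3.1.20` and `>= 3.2.0, < 3.2.5`; both advisories cite the same fix releases, so the two lists should read the same. If narrowing the prose to GA releases is intended, the second file needs `  - `>= 3.0.0, < 3.1.20`` as well; if the pre-releases really are affected, as the original text claimed, the first file should keep them instead. As far as I can tell the structured `patched_versions` treat a 3.0.0.beta1 or 3.2.0.beta1 as unpatched either way, since none of `~> 2.2.22`, `~> 3.1.20` or `>= 3.2.5` matches them, so the prose is the only place this choice is visible.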
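Review bot: `cvss_v3: 7.5` and `cvss_v3: 5.4` in the `@@ -33,9 +33,10 @@` hunks, and the `date` moving from 2026-01-16 to 2026-02-16 in both files' first hunks, are copied values whose origin the commit does not record; "correct data on cve" in the subject does not say which advisory record (the rack GHSA page, the github.com/advisories mirror, or NVD) they were taken from, and a reviewer cannot check them without that. Please name the source in the commit message. The 5.4 in particular is worth re-checking against the advisory's vector, since a reflected XSS reachable without authentication is more commonly scored 6.1 than 5.4 — that is an inference from the description, not something the hunk shows. The `~> 2.2.22` / `~> 3.1.20` tightening itself is correct: the previous `>= 2.2.22` would have treated every 3.0.x and 3.1.0–3.1.19 release as patched.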