3 matches found
Astra Linux – Vulnerability in Ruby-Rack
There is a directory traversal vulnerability in Rack versions prior to 2.2.0. This vulnerability allows attackers to exploit the directory traversal vulnerability in the Rack::Directory module, which is included with Rack. This could lead to the disclosure of sensitive information...
CVE-2026-22860 Rack has a Directory Traversal via Rack:Directory
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...
Rack 安全漏洞
Rack is a modular Ruby web server interface developed by the Rack open-source project. Versions of Rack prior to 2.2.22, 3.1.20, and 3.2.5 contained security vulnerabilities. These vulnerabilities stemmed from Rack::Directory’s path checking mechanism, which used string prefix matching, potential...