Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Mageia
Mageiaadded 2025/11/24 6:27 p.m.28 views

Updated ruby-rack packages fix security vulnerabilities

Possible Log Injection in Rack::CommonLogger. CVE-2025-25184 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection. CVE-2025-27111 Local File Inclusion in Rack::Static. CVE-2025-27610...

7.5CVSS6.9AI score0.01095EPSS
Exploits1References2
Snyk
Snykadded 2025/02/12 7:18 p.m.3 views

Improper Output Neutralization for Logs

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

7.1CVSS6.8AI score0.01095EPSS
Exploits1References3
OSV
OSVadded 2025/02/12 5:15 p.m.2 views

UBUNTU-CVE-2025-25184

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...

7.1CVSS6.7AI score0.01095EPSS
Exploits1References5
RedHat Linux
RedHat Linuxadded 2023/03/28 12:18 a.m.3 views

rubygem-rack: crafted requests can cause shell escape sequences

A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's Lint middleware and CommonLogger middleware. This issue can leverage these escape sequences to execute commands in the victim's...

10CVSS6.8AI score0.01801EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2022/12/05 10:15 p.m.3 views

CVE-2022-30123

A sequence injection vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack...

10CVSS6.7AI score0.01801EPSS
Exploits0References5
OSV
OSVadded 2022/12/05 10:15 p.m.1 views

DEBIAN-CVE-2022-30123

A sequence injection vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack...

10CVSS6.7AI score0.01801EPSS
Exploits0References1
OSV
OSVadded 2022/12/05 10:15 p.m.2 views

UBUNTU-CVE-2022-30123

A sequence injection vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack...

10CVSS6.7AI score0.01801EPSS
Exploits0References8
BDU FSTEC
BDU FSTECadded 2022/07/08 12:0 a.m.6 views

The vulnerability of the modular interface between web servers and web applications in Rack, related to improper neutralization of special elements used in operating system commands, allows attackers to execute arbitrary shell commands on the target system.

The vulnerability of the modular interface between web servers and web applications in Rack is related to improper input validation during data processing. This issue occurs when data is transmitted through the intermediate software Rack Lint and CommonLogger. Exploiting this vulnerability allows...

10CVSS7.1AI score0.01801EPSS
Exploits0References10Affected Software9
Rows per page
Query Builder