Astra Linux - уязвимость в ruby-rack

A sequence injection vulnerability exists in Rack versions 2.0.9.1, 2.1.4.1, and 2.2.3.1. This vulnerability could allow for shell escapes in the Lint and CommonLogger components of Rack...

MGASA-2025-0311 Updated ruby-rack packages fix security vulnerabilities

Possible Log Injection in Rack::CommonLogger. CVE-2025-25184 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection. CVE-2025-27111 Local File Inclusion in Rack::Static. CVE-2025-27610...

EUVD-2022-5620

Malicious code in bioql PyPI...

EUVD-2025-4075

Malicious code in bioql PyPI...

rubygem-rack: Possible Log Injection in Rack::CommonLogger

A flaw was found in the rubygem-rack package. When a user provides the authorization credentials via Rack::Auth::Basic, if successful, the username is placed in env'REMOTEUSER' and later used by Rack::CommonLogger for logging purposes. The issue occurs when a server intentionally or unintentional...

Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9.

Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2025-25184 DESCRIPTION: Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be...

GHSA-7G2V-JJ9Q-G3RG Possible Log Injection in Rack::CommonLogger

Summary Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs. Details When a user provides the authorization credentials via Rack::Auth::Basic, if success,...

Possible Log Injection in Rack::CommonLogger

Summary Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs. Details When a user provides the authorization credentials via Rack::Auth::Basic, if success,...

DEBIAN-CVE-2025-25184

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...

CVE-2025-25184 Possible Log Injection in Rack::CommonLogger

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...

CVE-2025-25184 Possible Log Injection in Rack::CommonLogger

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...

CVE-2025-25184 Possible Log Injection in Rack::CommonLogger

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...

Rack 安全漏洞

Rack is a modular Ruby web server interface open-sourced by Rack. Rack has a security vulnerability that originates from the ability to manipulate log entries by crafting input that contains line breaks to utilize Rack::CommonLogger...

Possible Log Injection in Rack::CommonLogger

Summary Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs. Details When a user provides the authorization credentials via Rack::Auth::Basic, if success,...

CVE-2022-30123

A sequence injection vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack...

CVE-2022-30123

A sequence injection vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack...

CVE-2022-30123

A sequence injection vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack...

rubygem-rack: crafted requests can cause shell escape sequences

A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's Lint middleware and CommonLogger middleware. This issue can leverage these escape sequences to execute commands in the victim's...

OS Command Injection

rack is vulnerable to OS command injection. The vulnerability exists in log function in CommonLogger and Lint middleware because of the escape sequences which allows an attacker to execute shell commands...

Arbitrary Code Injection

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...