50 matches found
Astra Linux - уязвимость в ruby-rack
There is a directory traversal vulnerability in Rack versions prior to 2.2.0. This vulnerability allows attackers to exploit the directory traversal vulnerability in the Rack::Directory module, which is included with Rack. This could lead to the disclosure of sensitive information...
Linux Distros Unpatched Vulnerability : CVE-2026-34763
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a...
SUSE CVE-2026-34763
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...
CVE-2026-34763
A flaw was found in Rack. A remote attacker could exploit a vulnerability in Rack::Directory's handling of root paths. When the configured root path contains special regular expression characters, the directory listing generation can fail to properly strip the path prefix. This can lead to the...
GHSA-7MQQ-6CF9-V2QP Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory
Summary Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix stripping can fail and the generated directory listing may expose the full filesystem pa...
EUVD-2026-18380
Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory...
Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory
Summary Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix stripping can fail and the generated directory listing may expose the full filesystem pa...
Permissive Regular Expression
Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...
CVE-2026-34763
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...
CVE-2026-34763
CVE-2026-34763 affects Rack, a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If the root contains regex metacharacters (e.g., +, *...
CVE-2026-34763 Rack: Rack::Directory info disclosure and DoS via unescaped regex interpolation
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...
Rack 安全漏洞
Rack is a modular Ruby web server interface developed by the Rack open-source project. Versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6 contained security vulnerabilities. These vulnerabilities stemmed from Rack::Directory allowing the root path of configuration settings to be directly inserte...
PT-2026-29909
Summary Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix stripping can fail and the generated directory listing may expose the full filesystem pa...
Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory
Summary Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix stripping can fail and the generated directory listing may expose the full filesystem pa...
Updated ruby-rack packages fix security vulnerabilities
Rack has a Directory Traversal via Rack:Directory. CVE-2026-22860 Rack's Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href. CVE-2026-25500...
MGASA-2026-0075 Updated ruby-rack packages fix security vulnerabilities
Rack has a Directory Traversal via Rack:Directory. CVE-2026-22860 Rack's Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href. CVE-2026-25500...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex
Summary Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.15 Vulnerability Details CVEID:CVE-2026-22860 DESCRIPTION: Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the...
📄 Rack::Directory Cross Site Scripting
A persistent cross site scripting vulnerability affects Rack::Directory in Rack versions prior to 2.2.22, 3.1.20, and 3.2.5. ============================================================================================================================================= | Title : Rack Rack::Directory...
SUSE CVE-2026-22860
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory's path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...
Linux Distros Unpatched Vulnerability : CVE-2026-22860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory's path check used a string prefix match on the expande...