Lucene search
+L

7 matches found

redhatcve
redhatcve
added 2026/04/30 1:18 p.m.14 views

CVE-2026-7381

A flaw was found in Plack::Middleware::XSendfile. A remote attacker can exploit this vulnerability by manipulating HTTP headers, specifically X-Sendfile-Type and X-Accel-Mapping, when the application is deployed behind an nginx reverse proxy. This client-controlled path rewriting could allow the...

9.1CVSS5.7AI score0.00442EPSS
Exploits0References2
osv
osv
added 2026/04/29 10:13 p.m.4 views

CVE-2026-7381 Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...

9.1CVSS6AI score0.00442EPSS
Exploits0References7
nessus
nessus
added 2026/03/11 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: rubygem-rack (UTSA-2026-005939)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005939 advisory. Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit th...

7.5CVSS7.3AI score0.00699EPSS
Exploits0References4
nessus
nessus
added 2025/10/17 12:0 a.m.6 views

Ruby RACK < 2.2.20 / 3.x < 3.1.18 / 3.2 < 3.2.3 Multiple Vulnerabilities

The version of the RACK Ruby library installed on the remote host is prior to 2.2.20 / 3.1.18 / 3.2.3. It is, therefore, affected by the following vulnerabilities: - Rack::RequestPOST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling...

7.5CVSS6.9AI score0.00911EPSS
Exploits0References4
osv
osv
added 2025/10/10 5:15 p.m.6 views

DEBIAN-CVE-2025-61780

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to...

5.3CVSS5.5AI score0.00434EPSS
Exploits0References1
amazon
amazon
added 2025/04/16 12:0 a.m.7 views

Medium: pcs

Issue Overview: Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This...

7.5CVSS7AI score0.00699EPSS
Exploits0
osv
osv
added 2025/03/04 4:15 p.m.19 views

UBUNTU-CVE-2025-27111

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

7.5CVSS6.6AI score0.00699EPSS
Exploits0References8
Rows per page
Query Builder