3 matches found
ROS-20250403-16
A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to an incorrect checking of X-Sendfile-Type header input in Rack::Sendfile during processing. Exploitation of the vulnerability could allow an attacker acting remotely to manipulate log entries...
PT-2025-10642 · Rack +5 · Rack +5
Name of the Vulnerable Software and Affected Versions: Rack versions prior to 2.2.13, 3.0.14, and 3.1.12 Description: The vulnerability occurs because Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly...
PT-2023-8904
Name of the Vulnerable Software and Affected Versions Rack versions 2.0.0 through 2.2.6.3 Rack versions 3.0.0 through 3.0.6.0 Description The issue is related to the header parsing component of Rack, which can be exploited to cause a denial of service. This can happen when carefully crafted input...