
13 matches found

Source: AstraLinux
Added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in ruby-rack

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability has been...

CVSS 7.5 | AI score 6.7 | EPSS 0.00668
Exploits 0 | References 2

Source: RedhatCVE
Added 2025/10/13 3:48 p.m., 1 views

CVE-2025-61780

A potential information disclosure vulnerability has been identified in the RubyGem Rack affecting Rack::Sendfile when used behind a proxy that supports x-sendfile headers e.g., Nginx. When processing untrusted x-sendfile-type or x-accel-mapping headers, the middleware could misinterpret them as...

CVSS 5.8 | AI score 6.7 | EPSS 0.00011
Exploits 0 | References 7

Source: OSV
Added 2025/10/10 5:31 p.m., 1 views

GHSA-R657-RXJC-J557 Rack has a Possible Information Disclosure Vulnerability

Summary A possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to miscommunicate with the proxy and trigger unintended internal requests, potentially...

CVSS 5.8 | AI score 6.4 | EPSS 0.00011
Exploits 0 | References 7

Source: OSV
Added 2025/10/10 5:15 p.m., 1 views

DEBIAN-CVE-2025-61780

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to...

CVSS 5.3 | AI score 5.5 | EPSS 0.00011
Exploits 0 | References 1

Source: Vulnrichment
Added 2025/10/10 4:53 p.m., 1 views

CVE-2025-61780 Rack has Possible Information Disclosure Vulnerability

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to...

CVSS 5.8 | AI score 5.9 | EPSS 0.00011
Exploits 0 | References 4

Source: EUVD
Added 2025/10/10 4:53 p.m., 1 views

EUVD-2025-33749

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to...

CVSS 5.8 | AI score 5.8 | EPSS 0.00011
Exploits 0 | References 5

Source: Positive Technologies
Added 2025/10/10 12:00 a.m., 1 views

PT-2025-41580

Name of the Vulnerable Software and Affected Versions: Rack versions prior to 2.2.20; Rack versions prior to 3.1.18; Rack versions prior to 3.2.3. Description: Rack is a modular Ruby web server interface. A potential information disclosure issue existed in Rack::Sendfile when operating behind a proxy...

CVSS 5.8 | AI score 6.7 | EPSS 0.00011
Exploits 0 | References 52

Source: OSV
Added 2025/03/21 1:17 p.m., 1 views

OESA-2025-1299 rubygem-rack security update

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...

CVSS 7.5 | AI score 7 | EPSS 0.01354
Exploits 1 | References 4

Source: OSV
Added 2025/03/04 4:15 p.m., 1 views

DEBIAN-CVE-2025-27111

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

CVSS 7.5 | AI score 6.7 | EPSS 0.00668
Exploits 0 | References 1

Source: OSV
Added 2025/03/04 4:15 p.m., 0 views

UBUNTU-CVE-2025-27111

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

CVSS 7.5 | AI score 6.6 | EPSS 0.00668
Exploits 0 | References 8

Source: Snyk
Added 2025/03/04 3:27 p.m., 1 views

Improper Output Neutralization for Logs

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

CVSS 7.5 | AI score 7.6 | EPSS 0.00668
Exploits 0 | References 3

Source: OSV
Added 2019/10/07 4:52 p.m., 17 views

GHSA-85RF-XH54-WHP3 Malicious URL drafting attack against iodine's static file server may allow path traversal

Impact: A path traversal vulnerability was detected in iodine's static file service. This vulnerability affects any application running iodine's static file server on an affected iodine version. Malicious URL drafting may cause the static file server to attempt a response containing data from file...

CVSS 7.5 | AI score 7.5 | EPSS 0.00337
Exploits 0 | References 5

Source: Github Security Blog
Added 2019/10/07 4:52 p.m., 23 views

Malicious URL drafting attack against iodine's static file server may allow path traversal

Impact: A path traversal vulnerability was detected in iodine's static file service. This vulnerability affects any application running iodine's static file server on an affected iodine version. Malicious URL drafting may cause the static file server to attempt a response containing data from file...

CVSS 7.5 | AI score 1.9 | EPSS 0.00337
Exploits 0 | References 5 | Affected Software 1