1 file changed +50 -0 lines changed
1+ ---
2+ layout : advisory
3+ title : ' CVE-2025-27111 (rack): Escape Sequence Injection vulnerability in Rack lead
4+ to Possible Log Injection'
5+ comments : false
6+ categories :
7+ - rack
8+ advisory :
9+ gem : rack
10+ cve : 2025-27111
11+ ghsa : 8cgq-6mh2-7j6v
12+ url : https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
13+ title : Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
14+ date : 2025-03-04
15+ description : |
16+ ## Summary
17+
18+ `Rack::Sendfile` can be exploited by crafting input that
19+ includes newline characters to manipulate log entries.
20+
21+ ## Details
22+
23+ The `Rack::Sendfile` middleware logs unsanitized header values from
24+ the `X-Sendfile-Type` header. An attacker can exploit this by
25+ injecting escape sequences (such as newline characters) into the
26+ header, resulting in log injection.
27+
28+ ## Impact
29+
30+ This vulnerability can distort log files, obscure
31+ attack traces, and complicate security auditing.
32+
33+ ## Mitigation
34+
35+ - Update to the latest version of Rack, or
36+ - Remove usage of `Rack::Sendfile`.
37+ cvss_v4 : 6.9
38+ patched_versions :
39+ - " ~> 2.2.12"
40+ - " ~> 3.0.13"
41+ - " >= 3.1.11"
42+ related :
43+ url :
44+ - https://nvd.nist.gov/vuln/detail/CVE-2025-27111
45+ - https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
46+ - https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53
47+ - https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b
48+ - https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3
49+ - https://github.com/advisories/GHSA-8cgq-6mh2-7j6v
50+ ---
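Review bot: the `## Mitigation` section (lines 35-36 of the hunk) says only "Update to the latest version of Rack", while `patched_versions` lists `~> 2.2.12`, `~> 3.0.13` and `>= 3.1.11`; naming those releases in the mitigation text would tell readers on the 2.2 and 3.0 branches that a patched release exists for their branch without forcing a major upgrade. Two smaller points: both `title` fields read "lead to Possible Log Injection"; if that mirrors the upstream GHSA title verbatim it should stay, otherwise "leads to" is the grammatical form. And `related.url` repeats the GHSA advisory URL already given in `advisory.url`, which is redundant but harmless.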