Commit b7fc2b1

rakvium authored and postmodern committed
GHSA SYNC[rack]: 1 brand new advisory: CVE-2025-27610
- new file: gems/rack/CVE-2025-27610.yml
1 parent 00d14ff commit b7fc2b1

1 file changed

+38
-0
lines changed

gems/rack/CVE-2025-27610.yml

+38
@@ -0,0 +1,38 @@
1+
---
2+
gem: rack
3+
cve: 2025-27610
4+
ghsa: 7wqh-767x-r66v
5+
url: https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
6+
title: Local File Inclusion in Rack::Static
7+
date: 2025-03-10
8+
description: |-
9+
## Summary
10+
11+
`Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly.
12+
13+
## Details
14+
15+
The vulnerability occurs because `Rack::Static` does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory.
16+
17+
## Impact
18+
19+
By exploiting this vulnerability, an attacker can gain access to all files under the specified `root:` directory, provided they are able to determine then path of the file.
20+
21+
## Mitigation
22+
23+
- Update to the latest version of Rack, or
24+
- Remove usage of `Rack::Static`, or
25+
- Ensure that `root:` points at a directory path which only contains files which should be accessed publicly.
26+
27+
It is likely that a CDN or similar static file server would also mitigate the issue.
28+
cvss_v3: 7.5
29+
cvss_v4:
30+
patched_versions:
31+
- "~> 2.2.13"
32+
- "~> 3.0.14"
33+
- ">= 3.1.12"
34+
related:
35+
url:
36+
- https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
37+
- https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583
38+
- https://github.com/advisories/GHSA-7wqh-767x-r66v
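Review bot: the `cvss_v4:` key in this new file is left with no value, so it parses as nil; either supply the v4 score if the upstream advisory publishes one or drop the key rather than leaving a null placeholder next to the populated `cvss_v3: 7.5`. Two smaller points in the same hunk: the Impact paragraph reads "provided they are able to determine then path of the file" and should read "the path"; and `related.url` repeats the top-level `url` value (https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v), so the first entry under `related.url` could be dropped, keeping the fix commit and the GitHub advisory mirror.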