CNNVD-202510-1428 Information
CNNVD ID
CNNVD-202510-1428
Related CVE
-
CNNVD Published: 2025-10-10
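Description (translated from Chinese)
Rack is a modular Ruby web server interface, open-sourced by Rack. Rack versions before 2.2.20, before 3.1.18 and before 3.2.3 contain a security vulnerability. It stems from Rack::Sendfile, which may bypass proxy access restrictions when handling specially crafted headers, leading to information disclosure.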
Description (English)
Rack is a modular Ruby web server interface maintained as open source by the Rack project. Versions of Rack before 2.2.20, before 3.1.18 and before 3.2.3 contain a security vulnerability: when Rack::Sendfile handles specially crafted headers, proxy access restrictions may be bypassed, leading to information disclosure.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Rack
Published
2025-10-10
Last Modified
2026-02-24
References
https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85
https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784
https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a
https://vigilance.fr/vulnerability/Rack-five-vulnerabilities-dated-03-11-2025-48633
Patch
https://github.com/rack/rack/releases