Local File Inclusion in Rack::Static
Description
Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may unexpectedly expose other files under the specified root:. The vulnerability occurs because Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. By exploiting this vulnerability, an attacker can gain access to all files under the specified root: directory, provided they are able to determine the path of the file. Versions 2.2.13, 3.0.14, and 3.1.12 contain a patch for the issue. Other mitigations include removing usage of Rack::Static, or ensuring that root: points at a directory path which only contains files which should be accessed publicly. It is likely that a CDN or similar static file server would also mitigate the issue.
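The Ruby below is an added example and is not code from Rack, from the advisory, or from the fix commit. It shows the two defensive checks the description implies: a request-path guard that an application can run in front of Rack::Static (percent-decoding until stable, normalising "." and ".." lexically, enforcing the intended urls: prefixes, and confirming the resolved file stays inside root:), and an audit that lists files under root: which are not below any public prefix, which is the "root: only contains public files" mitigation turned into a check. The module name StaticPathGuard, the root /srv/app/public, the /assets prefix and the sample paths are all constructed for this example.

```ruby
require "tmpdir"
require "fileutils"

# Constructed example, not Rack's own code: a guard and an audit for the
# static-file root that Rack::Static serves from.
module StaticPathGuard
  # Percent-decode until the string stops changing, so a double-encoded
  # "%252e%252e" is treated the same as a plain "..". Only %XX escapes are
  # decoded; "+" is left alone because this is a path, not a form field.
  def self.fully_decode(path)
    loop do
      decoded = path.b.gsub(/%([0-9a-fA-F]{2})/) { $1.hex.chr }
                    .force_encoding(path.encoding)
      return decoded if decoded == path
      path = decoded
    end
  end

  # Resolve "." and ".." segments lexically. A path that tries to climb
  # above "/" is rejected (nil) rather than silently clamped to "/".
  def self.normalize(path)
    segments = []
    path.split("/").each do |seg|
      next if seg.empty? || seg == "."
      if seg == ".."
        return nil if segments.empty?
        segments.pop
      else
        segments << seg
      end
    end
    "/" + segments.join("/")
  end

  # Returns the absolute file to serve, or nil if the request must be refused.
  # `root` is the directory Rack::Static would serve from; `public_prefixes`
  # are the url prefixes (the urls: option) the application intends to expose.
  def self.resolve(root, request_path, public_prefixes)
    decoded = fully_decode(request_path)
    # Refuse undecodable bytes and embedded NULs before touching the filesystem.
    return nil if !decoded.valid_encoding? || decoded.include?("\0")
    clean = normalize(decoded)
    return nil if clean.nil?
    allowed = public_prefixes.any? do |prefix|
      prefix = prefix.chomp("/")
      clean == prefix || clean.start_with?(prefix + "/")
    end
    return nil unless allowed
    root_abs = File.expand_path(root)
    file_abs = File.expand_path(File.join(root_abs, clean))
    # Final containment check on the resolved path, independent of the prefix test.
    return nil unless file_abs.start_with?(root_abs + File::SEPARATOR)
    file_abs
  end

  # Configuration audit for the other mitigation the advisory names: lists
  # every regular file under `root` that is not below a public prefix. On an
  # affected Rack version such files are reachable despite urls:, so a safe
  # root is one for which this returns an empty list.
  def self.unexpected_files(root, public_prefixes)
    root_abs = File.expand_path(root)
    Dir.glob(File.join(root_abs, "**", "*"), File::FNM_DOTMATCH).select do |f|
      next false unless File.file?(f)
      rel = f.delete_prefix(root_abs) # keeps the leading "/"
      public_prefixes.none? { |prefix| rel.start_with?(prefix.chomp("/") + "/") }
    end.sort
  end
end

if __FILE__ == $PROGRAM_NAME
  root = "/srv/app/public" # constructed root; nothing is read from disk here
  ["/assets/app.css",
   "/assets/../index.html",
   "/assets/%2e%2e/%2e%2e/config/secrets.yml",
   "/assets/%252e%252e/config/secrets.yml"].each do |req|
    puts "#{req.ljust(44)} => #{StaticPathGuard.resolve(root, req, ['/assets']).inspect}"
  end
end
```

The containment check uses File.expand_path, which is lexical; if root: may contain symlinks pointing outside it, resolve the candidate with File.realpath after confirming it exists and repeat the start_with? test on the real path. The audit function deliberately ignores urls: for the decision of what is "safe": on affected versions the prefix list does not restrict what is served, so the only reliable boundary is the directory itself.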
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| rack | RubyGems | < 2.2.13 | 2.2.13 |
| rack | RubyGems | >= 3.0, < 3.0.14 | 3.0.14 |
| rack | RubyGems | >= 3.1, < 3.1.12 | 3.1.12 |
Affected products
170 OSV coordinates, none of which carries a CPE. The same 28 GitLab components appear once for 17.8 and once for 17.9 in both the Chainguard and the Wolfi apk repositories: gitaly-config, gitlab-base, gitlab-certificates, gitlab-cfssl-self-sign-scripts, gitlab-cng, gitlab-container-registry, gitlab-container-registry-compat, gitlab-container-registry-scripts, gitlab-elasticsearch-indexer, gitlab-elasticsearch-indexer-compat, gitlab-exporter, gitlab-exporter-scripts, gitlab-geo-logcursor-scripts, gitlab-gitaly-scripts, gitlab-logger, gitlab-logger-compat, gitlab-mailroom, gitlab-mailroom-scripts, gitlab-pages-scripts, gitlab-rails-scripts, gitlab-shell, gitlab-shell-scripts, gitlab-shell-scripts-compat, gitlab-sidekiq-scripts, gitlab-toolbox-scripts, gitlab-webservice-config, gitlab-webservice-scripts, gitlab-workhorse-scripts.
| Ecosystem | Package(s) | Affected range |
|---|---|---|
| pkg:apk/chainguard | GitLab 17.8 components (28, listed above) | < 17.8.4-r31 |
| pkg:apk/chainguard | GitLab 17.9 components (28, listed above) | < 17.9.2-r2 |
| pkg:apk/chainguard | kube-fluentd-operator, kube-fluentd-operator-compat, kube-fluentd-operator-default-config, kube-fluentd-operator-oci-entrypoint | < 1.18.2-r31 |
| pkg:apk/chainguard | logstash-8, logstash-8-bitnami-compat, logstash-8-compat, logstash-8-env2yaml, logstash-8-iamguarded-compat, logstash-8-with-output-opensearch | < 8.17.3-r2 |
| pkg:apk/chainguard | logstash-jre-bcfips, logstash-jre-bcfips-compat, logstash-jre-bcfips-env2yaml, logstash-jre-bcfips-with-output-opensearch | < 8.17.4-r0 |
| pkg:apk/chainguard | ruby3.2-rack-2.2, ruby3.3-rack-2.2, ruby3.4-rack-2.2, ruby4.0-rack-2.2 | < 2.2.22-r0 |
| pkg:apk/chainguard | ruby3.2-rails-7.1, ruby3.3-rails-7.1, ruby3.4-rails-7.1 (each with its -compat package) | < 7.1.5.1-r4 |
| pkg:apk/chainguard | ruby3.3-rails-7.2, ruby3.4-rails-7.2 (each with its -compat package) | < 7.2.2.1-r4 |
| pkg:apk/chainguard | ruby3.2-rails-8.0, ruby3.4-rails-8.0 (each with its -compat package) | < 8.0.2-r0 |
| pkg:apk/wolfi | GitLab 17.8 components (28, listed above) | < 17.8.4-r31 |
| pkg:apk/wolfi | GitLab 17.9 components (28, listed above) | < 17.9.2-r2 |
| pkg:apk/wolfi | kube-fluentd-operator, kube-fluentd-operator-compat, kube-fluentd-operator-default-config, kube-fluentd-operator-oci-entrypoint | < 1.18.2-r31 |
| pkg:apk/wolfi | logstash-8, logstash-8-bitnami-compat, logstash-8-compat, logstash-8-env2yaml, logstash-8-iamguarded-compat, logstash-8-with-output-opensearch | < 8.17.3-r2 |
| pkg:apk/wolfi | ruby3.2-rack-2.2, ruby3.3-rack-2.2, ruby3.4-rack-2.2, ruby4.0-rack-2.2 | < 2.2.22-r0 |
| pkg:apk/wolfi | ruby3.2-rails-8.0, ruby3.4-rails-8.0 (each with its -compat package) | < 8.0.2-r0 |
| pkg:gem | rack | < 2.2.13 |
| pkg:rpm/opensuse (openSUSE Leap 15.6) | rubygem-rack-1_6 | < 1.6.8-150000.3.3.1 |
| pkg:rpm/opensuse (openSUSE Tumbleweed) | rubygem-rack-2.2 | < 2.2.13-1.1 |
| pkg:rpm/opensuse (openSUSE Leap 15.6) | rubygem-rack | < 2.0.8-150000.3.26.1 |
| pkg:rpm/suse (SUSE Linux Enterprise High Availability Extension 15 SP3, SP4, SP5, SP6) | rubygem-rack | < 2.0.8-150000.3.26.1 |
References
- GitHub advisory GHSA-7wqh-767x-r66v (ADVISORY): github.com/advisories/GHSA-7wqh-767x-r66v
- NVD entry for CVE-2025-27610 (ADVISORY): nvd.nist.gov/vuln/detail/CVE-2025-27610
- Fix commit in rack/rack (WEB): github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583
- Project security advisory GHSA-7wqh-767x-r66v (WEB, confirmation): github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
- ruby-advisory-db record (WEB): github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27610.yml
- Debian LTS announcement, March 2025 (WEB): lists.debian.org/debian-lts-announce/2025/03/msg00016.html