VYPR

apk package

chainguard/ruby4.0-rails-7.1

pkg:apk/chainguard/ruby4.0-rails-7.1

Vulnerabilities (2)

  • CVE-2026-25500 (Feb 18, 2026)
    affected < 7.1.6-r1, fixed 7.1.6-r1

    Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory` generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the `javascript:` scheme (e.g.

  • CVE-2026-22860 (Feb 18, 2026)
    affected < 7.1.6-r1, fixed 7.1.6-r1

    Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root stri