VYPR

apk package

wolfi/ruby4.0-rack-2.2

pkg:apk/wolfi/ruby4.0-rack-2.2

Vulnerabilities (22)

  • CVE-2025-27111 (Mar 4, 2025)
    affected < 2.2.22-r0, fixed 2.2.22-r0

    Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection. This vul

  • CVE-2025-25184 (Feb 12, 2025)
    affected < 2.2.22-r0, fixed 2.2.22-r0

    Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting

Page 2 of 2