VYPR

rpm package

opensuse/rubygem-rack-1_6&distro=openSUSE Leap 15.6

pkg:rpm/opensuse/rubygem-rack-1_6&distro=openSUSE%20Leap%2015.6

Vulnerabilities (3)

  • CVE-2025-27610Mar 10, 2025
    affected < 1.6.8-150000.3.3.1fixed 1.6.8-150000.3.3.1

    Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, `Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly. The vu

  • CVE-2025-27111Mar 4, 2025
    affected < 1.6.8-150000.3.6.1fixed 1.6.8-150000.3.6.1

    Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection. This vul

  • CVE-2025-25184Feb 12, 2025
    affected < 1.6.8-150000.3.3.1fixed 1.6.8-150000.3.3.1

    Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting