OESA-2025-1299

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1299
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1299.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-1299
Upstream
Published
2025-03-21T13:17:37Z
Modified
2025-08-12T05:49:26.150339Z
Summary
rubygem-rack security update
Details

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Security Fix(es):

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs. When a user provides the authorization credentials via Rack::Auth::Basic, if success, the username will be put in env['REMOTE_USER'] and later be used by Rack::CommonLogger for logging purposes. The issue occurs when a server intentionally or unintentionally allows a user creation with the username contain CRLF and white space characters, or the server just want to log every login attempts. If an attacker enters a username with CRLF character, the logger will log the malicious username with CRLF characters into the logfile. Attackers can break log formats or insert fraudulent entries, potentially obscuring real activity or injecting malicious data into log files. Versions 2.2.11, 3.0.12, and 3.1.10 contain a fix.(CVE-2025-25184)

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection. This vulnerability is fixed in 2.2.12, 3.0.13, and 3.1.11.(CVE-2025-27111)

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs because Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. By exploiting this vulnerability, an attacker can gain access to all files under the specified root: directory, provided they are able to determine then path of the file. Versions 2.2.13, 3.0.14, and 3.1.12 contain a patch for the issue. Other mitigations include removing usage of Rack::Static, or ensuring that root: points at a directory path which only contains files which should be accessed publicly. It is likely that a CDN or similar static file server would also mitigate the issue.(CVE-2025-27610)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP4 / rubygem-rack

Package

Name
rubygem-rack
Purl
pkg:rpm/openEuler/rubygem-rack&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.3.1-7.oe2003sp4

Ecosystem specific 

{
    "src": [
        "rubygem-rack-2.2.3.1-7.oe2003sp4.src.rpm"
    ],
    "noarch": [
        "rubygem-rack-2.2.3.1-7.oe2003sp4.noarch.rpm",
        "rubygem-rack-help-2.2.3.1-7.oe2003sp4.noarch.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / rubygem-rack

Package

Name
rubygem-rack
Purl
pkg:rpm/openEuler/rubygem-rack&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.3.1-8.oe2203sp3

Ecosystem specific 

{
    "src": [
        "rubygem-rack-2.2.3.1-8.oe2203sp3.src.rpm"
    ],
    "noarch": [
        "rubygem-rack-2.2.3.1-8.oe2203sp3.noarch.rpm",
        "rubygem-rack-help-2.2.3.1-8.oe2203sp3.noarch.rpm"
    ]
}

openEuler:22.03-LTS-SP4 / rubygem-rack

Package

Name
rubygem-rack
Purl
pkg:rpm/openEuler/rubygem-rack&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.3.1-8.oe2203sp4

Ecosystem specific 

{
    "src": [
        "rubygem-rack-2.2.3.1-8.oe2203sp4.src.rpm"
    ],
    "noarch": [
        "rubygem-rack-2.2.3.1-8.oe2203sp4.noarch.rpm",
        "rubygem-rack-help-2.2.3.1-8.oe2203sp4.noarch.rpm"
    ]
}

openEuler:24.03-LTS / rubygem-rack

Package

Name
rubygem-rack
Purl
pkg:rpm/openEuler/rubygem-rack&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.4-11.oe2403sp1

Ecosystem specific 

{
    "src": [
        "rubygem-rack-2.2.4-11.oe2403.src.rpm",
        "rubygem-rack-2.2.4-11.oe2403sp1.src.rpm"
    ],
    "noarch": [
        "rubygem-rack-2.2.4-11.oe2403.noarch.rpm",
        "rubygem-rack-help-2.2.4-11.oe2403.noarch.rpm",
        "rubygem-rack-2.2.4-11.oe2403sp1.noarch.rpm",
        "rubygem-rack-help-2.2.4-11.oe2403sp1.noarch.rpm"
    ]
}

openEuler:24.03-LTS-SP1 / rubygem-rack

Package

Name
rubygem-rack
Purl
pkg:rpm/openEuler/rubygem-rack&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.4-11.oe2403sp1

Ecosystem specific 

{
    "src": [
        "rubygem-rack-2.2.4-11.oe2403sp1.src.rpm"
    ],
    "noarch": [
        "rubygem-rack-2.2.4-11.oe2403sp1.noarch.rpm",
        "rubygem-rack-help-2.2.4-11.oe2403sp1.noarch.rpm"
    ]
}