ghsa-8cgq-6mh2-7j6v
Vulnerability from github
Published
2025-03-04 15:27
Modified
2025-03-05 21:49
Severity ?
Summary
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Details
Summary
Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries.
Details
The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection.
Impact
This vulnerability can distort log files, obscure attack traces, and complicate security auditing.
Mitigation
- Update to the latest version of Rack, or
- Remove usage of
Rack::Sendfile.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "rack"
},
"ranges": [
{
"events": [
{
"introduced": "3.0"
},
{
"fixed": "3.0.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "rack"
},
"ranges": [
{
"events": [
{
"introduced": "3.1"
},
{
"fixed": "3.1.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-27111"
],
"database_specific": {
"cwe_ids": [
"CWE-117",
"CWE-93"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-04T15:27:06Z",
"nvd_published_at": "2025-03-04T16:15:40Z",
"severity": "MODERATE"
},
"details": "## Summary\n\n`Rack::Sendfile` can be exploited by crafting input that includes newline characters to manipulate log entries.\n\n## Details\n\nThe `Rack::Sendfile` middleware logs unsanitized header values from the `X-Sendfile-Type` header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection.\n\n## Impact\n\nThis vulnerability can distort log files, obscure attack traces, and complicate security auditing.\n\n## Mitigation\n\n- Update to the latest version of Rack, or\n- Remove usage of `Rack::Sendfile`.",
"id": "GHSA-8cgq-6mh2-7j6v",
"modified": "2025-03-05T21:49:36Z",
"published": "2025-03-04T15:27:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27111"
},
{
"type": "WEB",
"url": "https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53"
},
{
"type": "WEB",
"url": "https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b"
},
{
"type": "WEB",
"url": "https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3"
},
{
"type": "PACKAGE",
"url": "https://github.com/rack/rack"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.