CVE-2025-27111

HIGH

Rack <2.2.12, <3.0.13, <3.1.11 - Log Injection

Title source: llm

Description

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection. This vulnerability is fixed in 2.2.12, 3.0.13, and 3.1.11.

References (5)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html

[Mitigation, Vendor Advisory] https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v

[Patch] https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53

[Patch] https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b

View Patch ZIP pw:eip

[Patch] https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3

Scores

CVSS v3 7.5

EPSS 0.0067

EPSS Percentile 71.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-93 CWE-117

Status published

Products (2)

rack/rack < 2.2.12

rubygems/rack 0 - 2.2.12RubyGems

Published Mar 04, 2025

Tracked Since Feb 18, 2026