From 5f4334eb94d13f88205ec6c8b661129be5a39751 Mon Sep 17 00:00:00 2001 From: Viktor Rak Date: Tue, 11 Mar 2025 13:26:50 +0200 Subject: [PATCH] GHSA SYNC[rack]: 1 brand new advisory: CVE-2025-27610 - new file: gems/rack/CVE-2025-27610.yml --- gems/rack/CVE-2025-27610.yml | 38 ++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 gems/rack/CVE-2025-27610.yml diff --git a/gems/rack/CVE-2025-27610.yml b/gems/rack/CVE-2025-27610.yml new file mode 100644 index 0000000000..0c470a2ae4 --- /dev/null +++ b/gems/rack/CVE-2025-27610.yml 
@@ -0,0 +1,38 @@ +--- +gem: rack +cve: 2025-27610 +ghsa: 7wqh-767x-r66v +url: https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v +title: Local File Inclusion in Rack::Static +date: 2025-03-10 +description: |- + ## Summary + + `Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly. + + ## Details + + The vulnerability occurs because `Rack::Static` does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. + + ## Impact + + By exploiting this vulnerability, an attacker can gain access to all files under the specified `root:` directory, provided they are able to determine then path of the file. + + ## Mitigation + + - Update to the latest version of Rack, or + - Remove usage of `Rack::Static`, or + - Ensure that `root:` points at a directory path which only contains files which should be accessed publicly. + + It is likely that a CDN or similar static file server would also mitigate the issue. +cvss_v3: 7.5 +cvss_v4: +patched_versions: +- "~> 2.2.13" +- "~> 3.0.14" +- ">= 3.1.12" +related: + url: + - https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v + - https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583 + - https://github.com/advisories/GHSA-7wqh-767x-r66v
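Review bot: `cvss_v4:` is emitted with no value, so the new file carries a null field; either fill in the CVSS v4 score from the upstream GHSA-7wqh-767x-r66v advisory or omit the key, matching how the file otherwise only carries populated fields (`cvss_v3: 7.5`). Separately, the Impact paragraph in `description:` copies an upstream typo, "provided they are able to determine then path of the file", which should read "the path"; since this file is produced by a GHSA sync, the wording is best corrected in the upstream advisory rather than hand-edited here, where the next sync would likely reintroduce it. The `patched_versions` list (`~> 2.2.13`, `~> 3.0.14`, `>= 3.1.12`) and the `related: url:` entries look consistent with the advisory and fix commit referenced in the header.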