GHSA SYNC[rack]: 1 brand new advisory: CVE-2025-27610

gems/rack/CVE-2025-27610.yml

@@ -0,0 +1,38 @@
+---
+gem: rack
+cve: 2025-27610
+ghsa: 7wqh-767x-r66v
+url: https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
+title: Local File Inclusion in Rack::Static
+date: 2025-03-10
+description: |-
+  ## Summary
+
+  `Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly.
+
+  ## Details
+
+  The vulnerability occurs because `Rack::Static` does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory.
+
+  ## Impact
+
+  By exploiting this vulnerability, an attacker can gain access to all files under the specified `root:` directory, provided they are able to determine then path of the file.
+
+  ## Mitigation
+
+  - Update to the latest version of Rack, or
+  - Remove usage of `Rack::Static`, or
+  - Ensure that `root:` points at a directory path which only contains files which should be accessed publicly.
+
+  It is likely that a CDN or similar static file server would also mitigate the issue.
+cvss_v3: 7.5
+cvss_v4:
+patched_versions:
+- "~> 2.2.13"
+- "~> 3.0.14"
+- ">= 3.1.12"
+related:
+  url:
+  - https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
+  - https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583
+  - https://github.com/advisories/GHSA-7wqh-767x-r66v