Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2026-25500

Опубликовано: 18 фев. 2026
Источник: debian
EPSS Низкий

Описание

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory` generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the `javascript:` scheme (e.g. `javascript:alert(1)`), the generated index contains an anchor whose `href` is exactly `javascript:alert(1)`. Clicking the entry executes JavaScript in the browser (demonstrated with `alert(1)`). Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ruby-rackfixed3.2.5-1package

Примечания

  • https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp

  • Fixed by: https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff (main)

  • Fixed by: https://github.com/rack/rack/commit/93a68f58aa82aa48f09b751501f19f5e760dd406 (v3.2.5)

  • Fixed by: https://github.com/rack/rack/commit/ed0f455074f9d6aade9793bd8a3dc4aeaecaacd6 (v3.1.20)

  • Fixed by: https://github.com/rack/rack/commit/175e7d206b8ff2bce4d98d7ba429adf73c674bfb (v2.2.22)

EPSS

Процентиль: 6%
0.00021
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2026-25500

CVSS3: 5.4
ubuntu
около 1 месяца назад

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory` generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the `javascript:` scheme (e.g. `javascript:alert(1)`), the generated index contains an anchor whose `href` is exactly `javascript:alert(1)`. Clicking the entry executes JavaScript in the browser (demonstrated with `alert(1)`). Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.

redhat логотип

CVE-2026-25500

CVSS3: 5.4
redhat
около 1 месяца назад

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory` generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the `javascript:` scheme (e.g. `javascript:alert(1)`), the generated index contains an anchor whose `href` is exactly `javascript:alert(1)`. Clicking the entry executes JavaScript in the browser (demonstrated with `alert(1)`). Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.

nvd логотип

CVE-2026-25500

CVSS3: 5.4
nvd
около 1 месяца назад

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory` generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the `javascript:` scheme (e.g. `javascript:alert(1)`), the generated index contains an anchor whose `href` is exactly `javascript:alert(1)`. Clicking the entry executes JavaScript in the browser (demonstrated with `alert(1)`). Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.

github логотип

GHSA-whrj-4476-wvmp

CVSS3: 5.4
github
около 1 месяца назад

Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href

EPSS

Процентиль: 6%
0.00021
Низкий