CVE-2025-61780

Published: Oct 10, 2025
Source: nvd
CVSS3: 5.8
CVSS3: 5.3
EPSS: Low

Description

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers (such as Nginx). Specially crafted headers could cause Rack::Sendfile to miscommunicate with the proxy and trigger unintended internal requests, potentially bypassing proxy-level access restrictions. When Rack::Sendfile received untrusted x-sendfile-type or x-accel-mapping headers from a client, it would interpret them as proxy configuration directives. This could cause the middleware to send a "redirect" response to the proxy, prompting it to reissue a new internal request that was not subject to the proxy's access controls. An attacker could exploit this by setting a crafted x-sendfile-type: x-accel-redirect header, setting a crafted x-accel-mapping header, and requesting a path that qualifies for proxy-based acceleration. Attackers could bypass p
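The root cause described above is that the middleware treated two request headers as deployment configuration. The following is an added hardening example, not Rack's own code or its upstream fix: a small Rack-compatible middleware that sits in front of Rack::Sendfile, drops client-supplied X-Sendfile-Type / X-Accel-Mapping headers from the request env, and records the event for detection. The class and method names, the echo app and the sample env are constructed for this illustration.

```ruby
# Added example (not part of the Rack project): strip proxy-directive headers
# from the request before Rack::Sendfile can interpret them. Assumption: the
# real proxy settings are known at deploy time and passed to Rack::Sendfile
# via its constructor, so nothing in the request env should override them.
class StripSendfileDirectives
  # Rack env keys produced for the two headers named in the CVE description.
  UNTRUSTED_KEYS = %w[HTTP_X_SENDFILE_TYPE HTTP_X_ACCEL_MAPPING].freeze

  # Each dropped occurrence is kept here so a test or monitor can inspect it.
  attr_reader :seen

  def initialize(app, logger: nil)
    @app = app
    @logger = logger
    @seen = []
  end

  def call(env)
    dropped = UNTRUSTED_KEYS.select { |k| env.key?(k) }
    unless dropped.empty?
      @seen << { path: env['PATH_INFO'], headers: dropped }
      @logger&.warn("dropped proxy-directive headers #{dropped.join(',')} " \
                    "from #{env['REMOTE_ADDR']}")
      dropped.each { |k| env.delete(k) }
    end
    @app.call(env)
  end
end

# Stand-in for the downstream Rack::Sendfile: it reports which directive keys
# it can still see in env, so the effect of the middleware is observable.
ECHO_APP = lambda do |env|
  keys = env.keys.grep(/\AHTTP_X_(SENDFILE_TYPE|ACCEL_MAPPING)\z/).sort
  [200, { 'content-type' => 'text/plain' }, [keys.join(',')]]
end

# Runs one request through an app and returns [status, joined body].
def run_request(app, env)
  status, _headers, body = app.call(env)
  [status, body.join]
end

# Constructed request env: a client sending the untrusted headers.
def sample_env
  { 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/files/report.pdf',
    'REMOTE_ADDR' => '203.0.113.5',
    'HTTP_X_SENDFILE_TYPE' => 'x-accel-redirect',
    'HTTP_X_ACCEL_MAPPING' => 'constructed-value' }
end
```

Mounting it is a matter of placing `use StripSendfileDirectives` before `use Rack::Sendfile` in config.ru; the proxy should still be configured to overwrite these headers itself, so this is defence in depth rather than a replacement for upgrading.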

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*
Version before 2.2.20 (exclusive)
cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*
Version from 3.0.0 (inclusive) to 3.1.18 (exclusive)
cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*
Version from 3.2.0 (inclusive) to 3.2.3 (exclusive)

EPSS

Percentile: 13%
0.00042
Low

5.8 Medium

CVSS3

5.3 Medium

CVSS3

Weaknesses

CWE-200

Related vulnerabilities

CVSS3: 5.8
ubuntu
about 2 months ago

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially crafted headers could cause `Rack::Sendfile` to miscommunicate with the proxy and trigger unintended internal requests, potentially bypassing proxy-level access restrictions. When `Rack::Sendfile` received untrusted `x-sendfile-type` or `x-accel-mapping` headers from a client, it would interpret them as proxy configuration directives. This could cause the middleware to send a "redirect" response to the proxy, prompting it to reissue a new internal request that was not subject to the proxy's access controls. An attacker could exploit this by setting a crafted `x-sendfile-type: x-accel-redirect` header, setting a crafted `x-accel-mapping` header, and requesting a path that qualifies for proxy-based acceleration. Attackers could bypas...

CVSS3: 5.8
debian
about 2 months ago

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, ...

CVSS3: 5.8
github
about 2 months ago

Rack has a Possible Information Disclosure Vulnerability

CVSS3: 5.8
fstec
about 2 months ago

Vulnerability in the Rack::Sendfile class of Rack, the modular interface between web servers and web applications, allowing an attacker to gain unauthorized access to protected information

suse-cvrf
4 days ago

Security update for rubygem-rack
