Description
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers (such as Nginx). Specially crafted headers could cause Rack::Sendfile to miscommunicate with the proxy and trigger unintended internal requests, potentially bypassing proxy-level access restrictions. When Rack::Sendfile received untrusted x-sendfile-type or x-accel-mapping headers from a client, it would interpret them as proxy configuration directives. This could cause the middleware to send a "redirect" response to the proxy, prompting it to reissue a new internal request that was not subject to the proxy's access controls. An attacker could exploit this by setting a crafted x-sendfile-type: x-accel-redirect header, setting a crafted x-accel-mapping header, and requesting a path that qualifies for proxy-based acceleration. Attackers could bypas...
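To make the mechanism described above concrete, the following is a simplified model of the middleware's x-accel-redirect branch written for this page. It is not Rack's code: the class and method names (SendfileModel, FileBody, trust_request_headers), the on-disk path, the nginx location names and the constructed request are this example's assumptions. With trust_request_headers: true it mirrors the pre-fix behaviour of taking x-sendfile-type and x-accel-mapping from the incoming request; with false it uses only the values the operator configured, which is the general rule the fixed versions follow (stated here as the hardening principle, not as a copy of the upstream patch).

```ruby
# Simplified model of how Rack::Sendfile turned client-supplied
# x-sendfile-type / x-accel-mapping headers into an X-Accel-Redirect
# response. Example code for this page, not Rack's implementation.

# A response body that knows its path on disk (Rack's file bodies expose to_path).
class FileBody
  attr_reader :to_path

  def initialize(path)
    @to_path = path
  end

  def each
    yield File.basename(@to_path)
  end
end

class SendfileModel
  # trust_request_headers: true  -> pre-fix behaviour: variation and mapping may
  #                                 come from the request (attacker-controlled).
  # trust_request_headers: false -> only the configured values are honoured.
  def initialize(app, variation: nil, mappings: nil, trust_request_headers:)
    @app = app
    @variation = variation
    @mappings = mappings
    @trust = trust_request_headers
  end

  def call(env)
    status, headers, body = @app.call(env)
    return [status, headers, body] unless body.respond_to?(:to_path)

    if variation(env) == 'x-accel-redirect' && (target = map_accel_path(env, body.to_path))
      # nginx honours X-Accel-Redirect from the upstream even for `internal`
      # locations, so access checks on the originally requested location no
      # longer apply to `target`.
      headers['content-length'] = '0'
      headers['x-accel-redirect'] = target
      body = []
    end
    [status, headers, body]
  end

  private

  def variation(env)
    @variation || (@trust ? env['HTTP_X_SENDFILE_TYPE'] : nil)
  end

  # Mapping format: "internal_disk_prefix=proxy_location_prefix", comma separated.
  def map_accel_path(env, path)
    mapping = @mappings || (@trust ? env['HTTP_X_ACCEL_MAPPING'] : nil)
    return nil unless mapping

    mapping.split(',').map(&:strip).each do |m|
      internal, external = m.split('=', 2).map(&:strip)
      next if internal.nil? || internal.empty?
      new_path = path.sub(/\A#{Regexp.escape(internal)}/i, external.to_s)
      return new_path unless new_path == path
    end
    nil
  end
end

# Constructed request (assumed values): the attacker asks for a file the app
# serves publicly and adds the two headers, choosing an internal nginx location.
APP = lambda do |_env|
  [200, { 'content-type' => 'application/pdf' }, FileBody.new('/srv/app/public/report.pdf')]
end

ATTACKER_ENV = {
  'REQUEST_METHOD' => 'GET',
  'PATH_INFO' => '/report.pdf',
  'HTTP_X_SENDFILE_TYPE' => 'x-accel-redirect',
  'HTTP_X_ACCEL_MAPPING' => '/srv/app/public/=/protected/'
}.freeze

# Pre-fix: the attacker's mapping decides where nginx is sent.
def vulnerable_response
  SendfileModel.new(APP, trust_request_headers: true).call(ATTACKER_ENV.dup)
end

# Hardened, operator-configured: the request headers are ignored and the
# redirect always points at the location the operator chose.
def hardened_response
  SendfileModel.new(APP, variation: 'x-accel-redirect',
                         mappings: '/srv/app/public/=/files/',
                         trust_request_headers: false).call(ATTACKER_ENV.dup)
end

# Hardened, nothing configured: the file body is passed through untouched.
def passthrough_response
  SendfileModel.new(APP, trust_request_headers: false).call(ATTACKER_ENV.dup)
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable:  #{vulnerable_response[1]['x-accel-redirect'].inspect}"
  puts "hardened:    #{hardened_response[1]['x-accel-redirect'].inspect}"
  puts "passthrough: #{passthrough_response[1]['x-accel-redirect'].inspect}"
end
```

In the vulnerable run the response carries x-accel-redirect: /protected/report.pdf, a location the client named; in the hardened run it is /files/report.pdf regardless of what the client sent, and with no configured variation the header is never emitted. The practical check for an operator is therefore whether the variation and mapping reach the middleware from configuration (or from a trusted header set by the proxy itself and stripped from client input) rather than from arbitrary request headers.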
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 3.1.18-1 |
| esm-apps/bionic | released | 1.6.4-4ubuntu0.2+esm9 |
| esm-apps/focal | released | 2.0.7-2ubuntu0.1+esm8 |
| esm-apps/jammy | released | 2.1.4-5ubuntu1.2 |
| esm-apps/xenial | released | 1.6.4-3ubuntu0.2+esm9 |
| esm-infra-legacy/trusty | ignored | changes too intrusive |
| jammy | released | 2.1.4-5ubuntu1.2 |
| noble | released | 2.2.7-1ubuntu0.5 |
| plucky | ignored | end of life, was needed |
| questing | released | 3.1.16-0.1ubuntu0.1 |
CVSS3: 5.8 Medium
Related vulnerabilities
Rack has a Possible Information Disclosure Vulnerability
A vulnerability in the Rack::Sendfile class of Rack, the modular interface between web servers and web applications, allowing an attacker to gain unauthorized access to protected information