exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2026-22860

около 1 месяца назад

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.

CVSS3: 7.5

EPSS: Низкий

CVE-2026-22860

около 1 месяца назад

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.

CVSS3: 7.5

EPSS: Низкий

CVE-2026-22860

около 1 месяца назад

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.

CVSS3: 7.5

EPSS: Низкий

CVE-2026-22860

около 1 месяца назад

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, ...

CVSS3: 7.5

EPSS: Низкий

GHSA-mxw3-3hh2-x2mh

около 1 месяца назад

Rack has a Directory Traversal via Rack:Directory

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2026-22860 Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.	CVSS3: 7.5	0% Низкий	около 1 месяца назад
CVE-2026-22860 Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.	CVSS3: 7.5	0% Низкий	около 1 месяца назад
CVE-2026-22860 Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.	CVSS3: 7.5	0% Низкий	около 1 месяца назад
CVE-2026-22860 Rack is a modular Ruby web server interface. Prior to versions 2.2.22, ...	CVSS3: 7.5	0% Низкий	около 1 месяца назад
GHSA-mxw3-3hh2-x2mh Rack has a Directory Traversal via Rack:Directory	CVSS3: 7.5	0% Низкий	около 1 месяца назад

Уязвимостей на страницу