CVE-2025-27111

Affects: Rack <2.2.12, <3.0.13, <3.1.11 (in Rails)
Patch Available

This vulnerability has been fixed in the Never-Ending Support (NES) version offered by HeroDevs.

Overview

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header, allowing an attacker to inject escape sequences (such as newline characters) into the header, resulting in log injection.

This vulnerability affects Rack versions prior to 2.2.12, 3.0.13, and 3.1.11.

Details

Module Info

Product: Rack

Affected packages: rack

Affected versions: <2.2.12, <3.0.13, <3.1.11

Github repository: https://github.com/rack/rack

Published packages: https://rubygems.org/gems/rack

Package manager: RubyGems

Fixed in: Rack v2.2.12, v3.0.13, v3.1.11

Vulnerability Info

The vulnerability stems from improper neutralization of escape sequences in log entries, specifically the X-Sendfile-Type header in the Rack::Sendfile middleware. This allows attackers to manipulate log files by injecting newline characters, which can obscure attack traces and complicate security audits.

Steps To Reproduce

1. Set up a web server using a vulnerable version of Rack.

2. Send an HTTP request with a malicious X-Sendfile-Type header containing newline characters.

3. Observe the manipulation of log entries due to the unsanitized header value.
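The pattern behind this class of bug, shown as an added example that is not Rack's own code: a logging helper that interpolates a raw header value verbatim (vulnerable form) beside one that neutralises control characters before the value reaches the log (hardened form), plus a defender-side check that one request produced exactly one log line. The helper names and the sample header value are constructed for illustration.

```ruby
require 'stringio'

# Hypothetical logging helpers in the style of a middleware warning; they are
# not Rack's code. Each takes the raw value of a request header and writes one
# warning line to the given IO.

# Vulnerable form: the header value is interpolated verbatim, so a value that
# contains "\n" or "\r" produces extra lines in the log.
def log_sendfile_type_unsafe(io, type)
  io.puts "Unknown x-sendfile-type value: #{type}"
end

# Hardened form: String#inspect escapes newlines, carriage returns and other
# control characters and quotes the value, so the log stays one line per event.
def log_sendfile_type_safe(io, type)
  io.puts "Unknown x-sendfile-type value: #{type.inspect}"
end

# Alternative sanitiser that keeps the value unquoted but replaces every ASCII
# control character (including CR and LF) with a visible \xNN escape.
def sanitize_for_log(value)
  value.gsub(/[\x00-\x1f\x7f]/) { |c| format('\\x%02x', c.ord) }
end

# Defender-side check: split the captured log into lines. A single request must
# yield exactly one line; more than one means a line break was injected.
def log_lines(io)
  io.string.split("\n")
end

# Constructed sample header value (not taken from any real request): a plausible
# type name followed by an injected line that imitates an ordinary log entry.
FORGED_HEADER = "X-Accel-Redirect\nI, [2025-03-04] INFO -- : request completed 200"

if __FILE__ == $PROGRAM_NAME
  unsafe = StringIO.new
  log_sendfile_type_unsafe(unsafe, FORGED_HEADER)
  puts "unsafe log (#{log_lines(unsafe).size} lines):"
  puts unsafe.string

  safe = StringIO.new
  log_sendfile_type_safe(safe, FORGED_HEADER)
  puts "safe log (#{log_lines(safe).size} lines):"
  puts safe.string
end
```

Run the file directly to see the two outputs side by side: the unsafe variant writes two log lines for one request, the second of which looks like an unrelated INFO entry, while the safe variant writes one line with the newline rendered as a literal `\n`. The same one-line-per-event invariant is a cheap check to keep in a log pipeline: any request-scoped log record that spans multiple lines deserves a closer look.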

Mitigation

  • Upgrade to the latest version of Rack 4+.
  • If unable to upgrade, consider seeking assistance from a commercial support partner like HeroDevs.

Credit

N/A

Vulnerability Details

ID: CVE-2025-27111

Project affected: Rack

Versions affected: <2.2.12, <3.0.13, <3.1.11

Published date (≈ fix date): March 4, 2025