Closed
45 changes: 45 additions & 0 deletions gems/rack/CVE-2026-22860.yml
@@ -0,0 +1,45 @@
---
gem: rack
cve: 2026-22860
ghsa: mxw3-3hh2-x2mh
url: https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh
title: Rack::Directory vulnerable to path traversal when serving files
date: 2026-02-16
description: |
## Summary

`Rack::Directory` is vulnerable to path traversal. An attacker can
request crafted paths and access files outside the configured root.

## Details

The vulnerability is in `Rack::Directory` path handling. Directory
traversal sequences are not sufficiently constrained before file
resolution, which can allow escaping the intended base directory.

Affected versions:

- `< 2.2.22`
- `>= 3.0.0, < 3.1.20`
- `>= 3.2.0, < 3.2.5`

## Impact

Applications that expose `Rack::Directory` can disclose arbitrary
files reachable by the process, including sensitive configuration or
application data.

## Mitigation

- Upgrade to a patched version of Rack.
- Avoid exposing `Rack::Directory` to untrusted paths.
cvss_v3: 7.5
patched_versions:
- "~> 2.2.22"
- "~> 3.1.20"
- ">= 3.2.5"
related:
url:
- https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh
- https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7
- https://github.com/advisories/GHSA-mxw3-3hh2-x2mh
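Review bot: the Rack 3 range in this entry's `Affected versions` list, `- \`>= 3.0.0, < 3.1.20\``, disagrees with the companion CVE-2026-25500 entry in this same change, which gives the same range as `>= 3.0.0.beta1, < 3.1.20`; both entries share identical `patched_versions`, so the lower bound should be checked against the upstream advisory and made consistent in both files. The mitigation bullet `- Avoid exposing \`Rack::Directory\` to untrusted paths.` is also ambiguous, since the request path served by `Rack::Directory` is always client-supplied; stating it as avoiding mounting `Rack::Directory` on routes reachable by untrusted clients would make the intent clear. Finally, the first entry under `related: url:` repeats the advisory link already given in the `url` field; the duplicate can be dropped so that `related` carries only the additional references (the fix commit and the github.com/advisories page).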
44 changes: 44 additions & 0 deletions gems/rack/CVE-2026-25500.yml
@@ -0,0 +1,44 @@
---
gem: rack
cve: 2026-25500
ghsa: whrj-4476-wvmp
url: https://github.com/advisories/GHSA-whrj-4476-wvmp
title: Rack::Directory vulnerable to reflected XSS in directory listings
date: 2026-02-16
description: |
## Summary
`Rack::Directory` is vulnerable to reflected cross-site scripting (XSS)
in generated directory listings.
## Details
User-controlled path content can be reflected in HTML output without
sufficient escaping in `Rack::Directory`. Visiting a crafted URL can
execute attacker-controlled JavaScript in a victim's browser.
Affected versions:
- `< 2.2.22`
- `>= 3.0.0.beta1, < 3.1.20`
- `>= 3.2.0, < 3.2.5`
## Impact
Successful exploitation can run arbitrary JavaScript in the origin of
the affected application, enabling session theft, content injection,
or phishing-style attacks against users.
## Mitigation
- Upgrade to a patched version of Rack.
- Avoid exposing `Rack::Directory` listings to untrusted users.
cvss_v3: 5.4
patched_versions:
- "~> 2.2.22"
- "~> 3.1.20"
- ">= 3.2.5"
related:
url:
- https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff
- https://github.com/advisories/GHSA-whrj-4476-wvmp
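Review bot: the `description` block here omits the blank lines that the CVE-2026-22860 entry in this same change places between each `##` heading, its paragraph, and the `Affected versions:` list, so the two advisories will render differently; add blank lines after `## Summary`, before `## Details`, around `Affected versions:` and before `## Impact` and `## Mitigation` to match the sibling file. The `url` field also points at `https://github.com/advisories/GHSA-whrj-4476-wvmp`, while the sibling entry uses the rack repository's own advisory URL as `url` and lists it again under `related`; pick one convention for both files, and if a rack-repository advisory page exists for GHSA-whrj-4476-wvmp, add it to `related: url:` so the two entries carry the same set of references.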