Updated advisory posts against rubysec/ruby-advisory-db@8ab1b43

postmodern · RubySec CI · commit cc93d285dcc5 · 2025-03-05T20:13:21.000Z
diff --git a/advisories/_posts/2025-03-04-CVE-2025-27111.md b/advisories/_posts/2025-03-04-CVE-2025-27111.md
@@ -0,0 +1,50 @@
+---
+layout: advisory
+title: 'CVE-2025-27111 (rack): Escape Sequence Injection vulnerability in Rack lead
+  to Possible Log Injection'
+comments: false
+categories:
+- rack
+advisory:
+  gem: rack
+  cve: 2025-27111
+  ghsa: 8cgq-6mh2-7j6v
+  url: https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
+  title: Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
+  date: 2025-03-04
+  description: |
+    ## Summary
+
+    `Rack::Sendfile` can be exploited by crafting input that
+    includes newline characters to manipulate log entries.
+
+    ## Details
+
+    The `Rack::Sendfile` middleware logs unsanitized header values from
+    the `X-Sendfile-Type` header. An attacker can exploit this by
+    injecting escape sequences (such as newline characters) into the
+    header, resulting in log injection.
+
+    ## Impact
+
+    This vulnerability can distort log files, obscure
+    attack traces, and complicate security auditing.
+
+    ## Mitigation
+
+    - Update to the latest version of Rack, or
+    - Remove usage of `Rack::Sendfile`.
+  cvss_v4: 6.9
+  patched_versions:
+  - "~> 2.2.12"
+  - "~> 3.0.13"
+  - ">= 3.1.11"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2025-27111
+    - https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
+    - https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53
+    - https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b
+    - https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3
+    - https://github.com/advisories/GHSA-8cgq-6mh2-7j6v
+---
