
CGA-g5c9-pcg4-r8w7

Published

Last updated

https://images.chainguard.dev/security/CGA-g5c9-pcg4-r8w7
Package

gitlab-cng-17.0

Repository

Chainguard

Latest Update
Under investigation
Aliases
  • GHSA-8cgq-6mh2-7j6v

Severity

Unknown

Summary

Escape Sequence Injection vulnerability in Rack leads to Possible Log Injection

Description

Summary

Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries.

Details

The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection.
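
An added example (not from the advisory or the Rack project) showing the logging pattern described above next to an escaped form, plus a hypothetical request filter that drops the header when it carries control characters. The log message text, the sample value and the `DropUnsafeSendfileType` class are constructed for illustration; `HTTP_X_SENDFILE_TYPE` is the Rack env key for the X-Sendfile-Type header.

```ruby
require 'stringio'

# Constructed sample value: one newline followed by a forged entry and an ANSI escape.
SAMPLE_TYPE = "bogus\n[constructed] GET /health 200\e[2K"

# Pattern the advisory describes: the header value is interpolated as-is.
# The message text is constructed for this example.
def log_raw(io, type)
  io.puts "unknown sendfile type: '#{type}'"
end

# Hardened form: String#inspect escapes control characters,
# so one event always stays on one physical log line.
def log_escaped(io, type)
  io.puts "unknown sendfile type: #{type.inspect}"
end

# Render one log call into a string so the two forms can be compared.
def render(logger, type)
  io = StringIO.new
  send(logger, io, type)
  io.string
end

# Hypothetical Rack-style middleware (not part of Rack): drops the
# X-Sendfile-Type request header when it carries control characters.
class DropUnsafeSendfileType
  KEY = 'HTTP_X_SENDFILE_TYPE' # CGI-style env key for X-Sendfile-Type

  def initialize(app)
    @app = app
  end

  def call(env)
    value = env[KEY]
    env.delete(KEY) if value.is_a?(String) && value.match?(/[[:cntrl:]]/)
    @app.call(env)
  end
end

if __FILE__ == $PROGRAM_NAME
  puts render(:log_raw, SAMPLE_TYPE).lines.size      # raw value splits the entry
  puts render(:log_escaped, SAMPLE_TYPE).lines.size  # escaped value stays whole
end
```
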

Impact

This vulnerability can distort log files, obscure attack traces, and complicate security auditing.

Mitigation

  • Update to the latest version of Rack, or
  • Remove usage of Rack::Sendfile.

References

Updates

