Security Advisories

CVE-2025-27111

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-27111

CGA ID

CGA-qcv8-33fp-g3mf

Severity

Unknown

Description

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection. This vulnerability is fixed in 2.2.12, 3.0.13, and 3.1.11.
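The class of bug described above, shown as an added example for application code that writes request header values to its own logs (this is not Rack's code or its patch). The log message text, the function names and the sample header value are constructed for illustration.

```ruby
require "stringio"

# Constructed sample: a header value carrying CRLF, a fake log entry and an ANSI escape.
CONSTRUCTED_HEADER = "bogus\r\n127.0.0.1 - - \"GET /admin\" 200 \e[2K"

# Vulnerable pattern: the raw header value is interpolated into the log line,
# so any newline in it starts a new, attacker-controlled log entry.
def log_type_unsafe(io, type)
  io.puts "unknown sendfile type: '#{type}'"
end

# Escape control characters (CR, LF, ESC, ...) and backslashes, replace invalid
# bytes, and cap the length so a single request cannot flood the log.
def sanitize_for_log(value, max: 128)
  s = value.to_s.dup.force_encoding(Encoding::UTF_8).scrub("?")
  s = s[0, max] + "...(truncated)" if s.length > max
  s.gsub(/[[:cntrl:]\\]/) { |ch| format("\\x%02X", ch.ord) }
end

# Hardened pattern: the value is neutralised before it reaches the log sink.
def log_type_safe(io, type)
  io.puts "unknown sendfile type: '#{sanitize_for_log(type)}'"
end

# Number of physical log lines produced by one call to the given logger.
def line_count(logger, type)
  io = StringIO.new
  send(logger, io, type)
  io.string.lines.count
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe lines: #{line_count(:log_type_unsafe, CONSTRUCTED_HEADER)}"
  puts "safe lines:   #{line_count(:log_type_safe, CONSTRUCTED_HEADER)}"
  puts sanitize_for_log(CONSTRUCTED_HEADER)
end
```

Escaping the backslash as well keeps the output unambiguous: a literal `\x0A` typed by a client cannot be confused with an escaped newline.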

References

Affected packages

