CVE-2026-25500

Medium CVSS: 5.4

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory` generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the `javascript:` scheme (e.g. `javascript:alert(1)`), the generated index contains an anchor whose `href` is exactly `javascript:alert(1)`. Clicking the entry executes JavaScript in the browser (demonstrated with `alert(1)`). Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.

Vendor

Rack

Product

Rack

CWE

CWE-79

Yayın Tarihi

2026-02-18 20:18:36

Güncelleme

2026-02-19 18:26:27

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Rack MEDIUM Rack 2026

Referanslar

https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp

Benzer Kayıtlar

Medium

CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack…

High

CVE-2026-22860

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check…

High

CVE-2025-61919

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the…

Medium

CVE-2025-61780

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclos…

High

CVE-2025-61771

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser`…

High

CVE-2025-61772

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` c…