Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN173

_____________________________________________________________________

DATE                : 26/03/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running rack (RubyGems) versions prior to
                                2.2.13, 3.0.14, 3.1.12.

=====================================================================
https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
_____________________________________________________________________


Local file inclusion in `Rack::Static`
High
ioquatix published GHSA-7wqh-767x-r66v Mar 10, 2025

Package
rack (RubyGems)

Affected versions
< 2.2.13
>= 3.0, < 3.0.14
>= 3.1, < 3.1.12

Patched versions
2.2.13
3.0.14
3.1.12


Description

Summary

Rack::Static can serve files under the specified root: even if
urls: are provided, which may expose other files under the
specified root: unexpectedly.


Details

The vulnerability occurs because Rack::Static does not properly
sanitize user-supplied paths before serving files. Specifically,
encoded path traversal sequences are not correctly validated,
allowing attackers to access files outside the designated
static file directory.


Impact

By exploiting this vulnerability, an attacker can gain access
to all files under the specified root: directory, provided they
are able to determine then path of the file.


Mitigation

    Update to the latest version of Rack, or
    Remove usage of Rack::Static, or
    Ensure that root: points at a directory path which only
     contains files which should be accessed publicly.

It is likely that a CDN or similar static file server would
also mitigate the issue.


Severity
High
7.5/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE ID
CVE-2025-27610

Weaknesses
CWE-23


Credits

    @Masamuneee Masamuneee Reporter
    @jeremyevans jeremyevans Remediation developer
    @ioquatix ioquatix Coordinator


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================