RubySec

Providing security resources for the Ruby community

CVE-2025-27111 (rack): Escape Sequence Injection vulnerability in Rack leads to Possible Log Injection

Escape Sequence Injection vulnerability in Rack leads to Possible Log Injection

Published: March 04, 2025

SECURITY IDENTIFIERS

GEM

rack

PATCHED VERSIONS

  • ~> 2.2.12
  • ~> 3.0.13
  • >= 3.1.11

DESCRIPTION

Summary

Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries.

Details

The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection.
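As an added illustration (not Rack's own code), here is a hypothetical middleware that logs the X-Sendfile-Type header the way the advisory describes, beside a version that escapes control characters before the value reaches the log; the class name, helper name and sample header value are assumptions.

```ruby
# Added example, not Rack's code: a minimal middleware that logs X-Sendfile-Type,
# first unsanitized (the pattern the advisory describes), then sanitized.
require 'logger'
require 'stringio'

# Escape control characters (CR/LF included) so a header value can never
# start a new log line or carry terminal escape sequences into the log.
def sanitize_for_log(value)
  value.to_s.gsub(/[\x00-\x1f\x7f]/) { |c| format('\\x%02x', c.ord) }
end

class SendfileTypeLogger
  def initialize(app, logger, sanitize:)
    @app = app
    @logger = logger
    @sanitize = sanitize
  end

  def call(env)
    type = env['HTTP_X_SENDFILE_TYPE']
    if type
      type = sanitize_for_log(type) if @sanitize
      @logger.info("sendfile type: #{type}")
    end
    @app.call(env)
  end
end

# Run one request through the middleware and return the raw log text.
def log_for(header_value, sanitize:)
  io = StringIO.new
  logger = Logger.new(io)
  logger.formatter = proc { |sev, _t, _p, msg| "#{sev}: #{msg}\n" }
  app = ->(_env) { [200, {}, ['ok']] }
  env = { 'HTTP_X_SENDFILE_TYPE' => header_value }
  SendfileTypeLogger.new(app, logger, sanitize: sanitize).call(env)
  io.string
end

# Constructed header value: a plausible type followed by CRLF and a forged line.
CRAFTED = "X-Sendfile\r\nINFO: user admin logged in"

if __FILE__ == $PROGRAM_NAME
  puts log_for(CRAFTED, sanitize: false) # two log lines, the second forged
  puts log_for(CRAFTED, sanitize: true)  # one log line, CR/LF shown as \x0d\x0a
end
```

The unsanitized run writes two log records from a single request, which is exactly the auditing problem the Impact section names; the sanitized run keeps the forged text visibly inside one record.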

Impact

This vulnerability can distort log files, obscure attack traces, and complicate security auditing.

Mitigation

  • Update to the latest version of Rack, or
  • Remove usage of Rack::Sendfile.
