Two vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface. CVE-2026-22860 Rack::Directory's path check used a string prefix match on the expanded path. A request like /../root_example/ could escape the
Source: https://linuxsecurity.com/advisories/de ... -ruby-rack
Debian DLA-4505-1 ruby-rack Critical Directory Listing XSS
Who is online
Users browsing this forum: No registered users and 1 guest