Debian DLA-4505-1 ruby-rack Critical Directory Listing XSS
Posted: Mon Mar 23, 2026 3:00 am
Two vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface. CVE-2026-22860: Rack::Directory's path check used a string prefix match on the expanded path. A request like /../root_example/ could escape the
Source: https://linuxsecurity.com/advisories/de ... -ruby-rack
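The prefix-match weakness named in the summary above, shown as an added Ruby example that is not Rack's code or the Debian patch: a plain string prefix test on the expanded path next to a test that requires a path-separator boundary. The root `/srv/app/root`, the method names and the sample request list are constructed for illustration.

```ruby
# Added illustration, not Rack's source. ROOT and the request paths are
# constructed sample values; nothing here touches the filesystem.
ROOT = "/srv/app/root"

# Weak form: string prefix match on the expanded path, as the advisory
# summary describes. A sibling directory whose name merely begins with
# the root's name also satisfies it.
def prefix_check_allows?(root, request_path)
  expanded = File.expand_path(File.join(root, request_path))
  expanded.start_with?(root)
end

# Stricter form: the expanded path must be the root itself or lie below
# it on a separator boundary, so "/srv/app/root_example" is rejected.
def boundary_check_allows?(root, request_path)
  root = File.expand_path(root)
  expanded = File.expand_path(File.join(root, request_path))
  expanded == root || expanded.start_with?(root + File::SEPARATOR)
end

# Returns [request_path, weak_result, strict_result] for each request.
def compare(root, request_paths)
  request_paths.map do |path|
    [path, prefix_check_allows?(root, path), boundary_check_allows?(root, path)]
  end
end

# Constructed requests: two legitimate, one sibling sharing the root's
# name as a prefix (the shape quoted in the advisory), one unrelated sibling.
SAMPLE_REQUESTS = ["/", "/docs/", "/../root_example/", "/../other/"].freeze

if __FILE__ == $PROGRAM_NAME
  compare(ROOT, SAMPLE_REQUESTS).each do |path, weak, strict|
    puts format("%-20s prefix=%-5s boundary=%s", path, weak, strict)
  end
end
```

Only the `/../root_example/` row differs between the two checks, which makes it a useful regression test case when validating a patched package.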