CVE-2025-27111 | Rack up to 2.2.11/3.0.12/3.1.10 Header Rack::Sendfile X-Sendfile-Type crlf injection

Inserito da Angelo Barbosa | Mar 4, 2025 | CVE

A vulnerability classified as problematic has been found in Rack up to 2.2.11/3.0.12/3.1.10. Affected is the function Rack::Sendfile of the component Header Handler. The manipulation of the argument X-Sendfile-Type leads to crlf injection.

This vulnerability is traded as CVE-2025-27111. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-27111 | Rack up to 2.2.11/3.0.12/3.1.10 Header Rack::Sendfile X-Sendfile-Type crlf injection

Post correlati

CVE-2024-9334 | E-Kent Pallium Vehicle Tracking prior 17.10.2024 hard-coded credentials

CVE-2025-21424 | Qualcomm Snapdragon Auto up to WSA8845H use after free

CVE-2024-6138 | Secure Copy Content Protection and Content Locking Plugin Setting cross site scripting

CVE-2024-6363 | Stock Ticker Plugin up to 3.24.4 on WordPress Shortcode stock_ticker cross site scripting