GHSA-8cgq-6mh2-7j6v: Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Skip to content

Navigation Menu

• • GitHub Copilot

    Write better code with AI

  • Security

    Find and fix vulnerabilities

  • Actions

    Automate any workflow

  • Codespaces

    Instant dev environments

  • Issues

    Plan and track work

  • Code Review

    Manage code changes

  • Discussions

    Collaborate outside of code

  • Code Search

    Find more, search less

• Explore

  • Learning Pathways
  • Events & Webinars
  • Ebooks & Whitepapers
  • Customer Stories
  • Partners
  • Executive Insights

• • GitHub Sponsors

    Fund open source developers

*   The ReadME Project
    
    GitHub community articles

• • Enterprise platform

    AI-powered developer platform

• Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

1. GitHub Advisory Database
2. GitHub Reviewed
3. CVE-2025-27111

Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Moderate severity GitHub Reviewed Published Mar 4, 2025 in rack/rack • Updated Mar 4, 2025

Package

Affected versions

< 2.2.12

>= 3.0, < 3.0.13

>= 3.1, < 3.1.11

Patched versions

2.2.12

3.0.13

3.1.11

Description

Summary

Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries.

Details

The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection.

Impact

This vulnerability can distort log files, obscure attack traces, and complicate security auditing.

Mitigation

• Update to the latest version of Rack, or
• Remove usage of Rack::Sendfile.

References

• GHSA-8cgq-6mh2-7j6v
• rack/rack@803aa22
• rack/rack@aeac570
• rack/rack@b13bc6b

Published to the GitHub Advisory Database

Mar 4, 2025

EPSS score