DEBIAN-CVE-2026-22860
- Source
- https://security-tracker.debian.org/tracker/CVE-2026-22860
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-22860.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-22860
- Upstream
- Published
- 2026-02-18T19:21:43.933Z
- Modified
- 2026-02-19T17:21:43.624935Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5,
Rack::Directory’s path check used a string prefix match on the expanded path. A request like/../root_example/can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue. - References
Affected packages
Debian:11 / ruby-rack
Package
- Name
- ruby-rack
- Purl
- pkg:deb/debian/ruby-rack?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.1.4-3
2.1.4-3+deb11u1
2.1.4-3+deb11u2
2.1.4-3+deb11u3
2.1.4-3+deb11u4
2.1.4-4
2.1.4-5
2.2.3-1
2.2.3-2
2.2.3-3
2.2.3-4
2.2.4-1
2.2.4-2
2.2.4-3
2.2.6.4-1
2.2.7-1
2.2.7-1.1
2.2.13-1~deb12u1
3.*
3.0.0-1
3.0.8-1
3.0.8-2
3.0.8-3
3.0.8-4
3.1.9-1~exp1
3.1.9-2
3.1.12-1
3.1.12-2~exp1
3.1.16-0.1
3.1.18-1~deb13u1
3.1.18-1
3.2.4-1
Debian:12 / ruby-rack
Package
- Name
- ruby-rack
- Purl
- pkg:deb/debian/ruby-rack?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / ruby-rack
Package
- Name
- ruby-rack
- Purl
- pkg:deb/debian/ruby-rack?arch=source
Debian:14 / ruby-rack
Package
- Name
- ruby-rack
- Purl
- pkg:deb/debian/ruby-rack?arch=source