Updated advisory posts against rubysec/ruby-advisory-db@b7fc2b1

Author: rakvium

advisories/_posts/2025-03-10-CVE-2025-27610.md

@@ -0,0 +1,45 @@
+---
+layout: advisory
+title: 'CVE-2025-27610 (rack): Local File Inclusion in Rack::Static'
+comments: false
+categories:
+- rack
+advisory:
+  gem: rack
+  cve: 2025-27610
+  ghsa: 7wqh-767x-r66v
+  url: https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
+  title: Local File Inclusion in Rack::Static
+  date: 2025-03-10
+  description: |-
+    ## Summary
+
+    `Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly.
+
+    ## Details
+
+    The vulnerability occurs because `Rack::Static` does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory.
+
+    ## Impact
+
+    By exploiting this vulnerability, an attacker can gain access to all files under the specified `root:` directory, provided they are able to determine then path of the file.
+
+    ## Mitigation
+
+    - Update to the latest version of Rack, or
+    - Remove usage of `Rack::Static`, or
+    - Ensure that `root:` points at a directory path which only contains files which should be accessed publicly.
+
+    It is likely that a CDN or similar static file server would also mitigate the issue.
+  cvss_v3: 7.5
+  cvss_v4:
+  patched_versions:
+  - "~> 2.2.13"
+  - "~> 3.0.14"
+  - ">= 3.1.12"
+  related:
+    url:
+    - https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
+    - https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583
+    - https://github.com/advisories/GHSA-7wqh-767x-r66v
+---