File rubygem-rack-CVE-2025-27610.patch of Package rubygem-rack-1_6.37860

Index: rack-1.6.8/lib/rack/static.rb
===================================================================
--- rack-1.6.8.orig/lib/rack/static.rb
+++ rack-1.6.8/lib/rack/static.rb
@@ -108,8 +108,9 @@ module Rack
 
     def call(env)
       path = env[PATH_INFO]
+      actual_path = Utils.clean_path_info(Utils.unescape_path(path))
 
-      if can_serve(path)
+      if can_serve(actual_path)
         env["PATH_INFO"] = (path =~ /\/$/ ? path + @index : @urls[path]) if overwrite_file_path(path)
         path = env["PATH_INFO"]
         response = @file_server.call(env)

Places

File rubygem-rack-CVE-2025-27610.patch of Package rubygem-rack-1_6.37860

Places