Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rack's Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href
Vulnerability Description
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory` generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the `javascript:` scheme (e.g. `javascript:alert(1)`), the generated index contains an anchor whose `href` is exactly `javascript:alert(1)`. Clicking the entry executes JavaScript in the browser (demonstrated with `alert(1)`). Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.
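The following Ruby is an added illustration of the defect class described above and of one mitigation; it is not Rack's own code and does not reproduce `Rack::Directory`. It uses a constructed in-memory file list instead of reading a directory, and the function names (`link_unsafe`, `link_safe`, `scheme_bearing?`, `flag_risky_entries`) are hypothetical. The point it makes is that HTML-escaping the basename is not enough, because `javascript:alert(1)` contains no HTML-special characters and survives intact as an `href`; the hardened builder instead always emits a relative, percent-encoded path so that no URL scheme can be introduced by a filename.

```ruby
require 'cgi'
require 'erb'

# Constructed sample directory listing; nothing is read from disk.
SAMPLE_ENTRIES = ['README.md', 'javascript:alert(1)', 'notes.txt'].freeze

# RFC 3986 scheme grammar: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
SCHEME_PREFIX = /\A[A-Za-z][A-Za-z0-9+.\-]*:/

# True when a raw basename, dropped into href as-is, would be parsed by the
# browser as an absolute URL with a scheme (javascript:, data:, ...) rather
# than as a relative path. Leading whitespace is stripped because browsers
# ignore it when parsing an href.
def scheme_bearing?(basename)
  SCHEME_PREFIX.match?(basename.lstrip)
end

# Vulnerable shape (the behaviour the advisory describes): the basename is
# only HTML-escaped, which leaves "javascript:alert(1)" intact as the href.
def link_unsafe(basename)
  label = CGI.escapeHTML(basename)
  %(<a href="#{label}">#{label}</a>)
end

# Hardened shape: the href is always a relative path segment. Percent-encoding
# turns ":" into "%3A" so no scheme survives, and the "./" prefix keeps the
# link relative regardless of what the encoded name looks like.
def link_safe(basename)
  href = './' + ERB::Util.url_encode(basename)
  %(<a href="#{CGI.escapeHTML(href)}">#{CGI.escapeHTML(basename)}</a>)
end

# Render a minimal index with either link builder.
def render_index(entries, safe: true)
  rows = entries.map { |name| "<li>#{safe ? link_safe(name) : link_unsafe(name)}</li>" }
  "<ul>\n#{rows.join("\n")}\n</ul>"
end

# Audit helper: returns the entries whose raw basenames would yield a
# scheme-bearing href, i.e. the ones an unsafe renderer would expose.
def flag_risky_entries(entries)
  entries.select { |name| scheme_bearing?(name) }
end

if __FILE__ == $PROGRAM_NAME
  puts 'Flagged entries: ' + flag_risky_entries(SAMPLE_ENTRIES).inspect
  puts render_index(SAMPLE_ENTRIES, safe: false)
  puts render_index(SAMPLE_ENTRIES)
end
```

Note that the audit check flags any name whose prefix matches the scheme grammar, so a name such as `notes.txt:v2` is reported too; that matches how a browser would parse it, and it is why the fix is to encode the href rather than to block a list of known-bad schemes.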
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
Improper neutralization of input during web page generation (cross-site scripting)
Vulnerability Title
Rack cross-site scripting vulnerability
Vulnerability Description
Rack is a modular Ruby web server interface from the Rack open source project. Rack versions prior to 2.2.22, prior to 3.1.20, and prior to 3.2.5 contain a cross-site scripting vulnerability: the HTML directory index generated by Rack::Directory contains clickable javascript: links, which may cause JavaScript to execute in the browser when clicked.
CVSS Information
N/A
Vulnerability Type
N/A