Package details: pkg:rpm/redhat/pcs@0.11.9-2?arch=el9
purl pkg:rpm/redhat/pcs@0.11.9-2?arch=el9
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-w732-52bx-2qf8
Aliases:
CVE-2025-25184
GHSA-7g2v-jj9q-g3rg
Possible Log Injection in Rack::CommonLogger

## Summary

`Rack::CommonLogger` can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs.

## Details

When a user provides authorization credentials via `Rack::Auth::Basic`, on success the username is put in `env['REMOTE_USER']` and is later used by `Rack::CommonLogger` for logging purposes.

The issue occurs when a server intentionally or unintentionally allows the creation of a user whose username contains CRLF and whitespace characters, or when the server simply wants to log every login attempt. If an attacker enters a username with CRLF characters, the logger will write the malicious username, CRLF characters included, into the log file.

## Impact

Attackers can break log formats or insert fraudulent entries, potentially obscuring real activity or injecting malicious data into log files.

## Mitigation

- Update to the latest version of Rack.

There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:42:46.920083+00:00 | RedHat Importer | Affected by | VCID-w732-52bx-2qf8 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25184.json | 38.0.0 |