Описание
Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libplack-perl | fixed | 1.0031-1 | package | |
| libplack-perl | fixed | 0.9989-1+deb7u1 | wheezy | package |
Примечания
https://github.com/plack/Plack/issues/405
EPSS
Связанные уязвимости
Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static.
Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static.
Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static.
EPSS