GHSA-85r7-w5mv-c849

Published: 24 Oct 2017
Source: github
GitHub: Reviewed

Description

Rack Vulnerable to Path Traversal

rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."

Packages

Name: rack (rubygems)
Affected versions: >= 1.5.0, < 1.5.2
Fixed version: 1.5.2

Name: rack (rubygems)
Affected versions: >= 1.4.0, < 1.4.5
Fixed version: 1.4.5

EPSS

Percentile: 74%
Score: 0.00826
Low

Weaknesses

CWE-22

Related vulnerabilities

ubuntu
almost 13 years ago


redhat
almost 13 years ago


nvd
almost 13 years ago


debian
almost 13 years ago

