Description
Wicked gem contains Path traversal vulnerability
The Wicked gem prior to v1.0.1 allows a remote attacker to traverse directories on the system via a vulnerability in controller/concerns/render_redirect.rb. An attacker can send a specially-crafted URL request containing %2E%2E%2F directory traversal sequences to read arbitrary files on the system.
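The advisory describes the step parameter being decoded into dot-dot-slash sequences and used to pick a file to render. The defensive pattern for this class of bug is to treat the step as a key into a fixed allow-list rather than as a path fragment. The following is an added example (not code from the Wicked gem or its fix commit); the step names and the `wizard/` render prefix are constructed for illustration.

```ruby
require "cgi"

# Constructed example: the wizard's declared steps (hypothetical names).
WIZARD_STEPS = %w[confirm_email add_profile finish].freeze

# Decode the step parameter the way a web server would and accept it only if
# it matches one of the declared step names exactly. An allow-list is stricter
# than stripping "../" after the fact: encoded (%2E%2E%2F), double-encoded and
# mixed-case variants all fail the comparison because they never decode to a
# declared name.
def safe_step(raw_step)
  decoded = CGI.unescape(raw_step.to_s)
  return nil unless WIZARD_STEPS.include?(decoded)
  decoded
end

# Builds the render target from the validated step only; returns nil for
# anything that did not pass the allow-list, so no path is ever assembled
# from attacker-controlled text.
def render_target(raw_step)
  step = safe_step(raw_step)
  step ? "wizard/#{step}" : nil
end

if __FILE__ == $PROGRAM_NAME
  ["finish", "%2E%2E%2F%2E%2E%2Fetc%2Fpasswd"].each do |s|
    puts "#{s.inspect} -> #{render_target(s).inspect}"
  end
end
```

A caller that receives `nil` should respond with a 404 or redirect to the first step, and log the rejected value; a spike of rejected steps containing `%2E%2E%2F` is a useful detection signal for scanning against a wizard controller.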
References
- https://nvd.nist.gov/vuln/detail/CVE-2013-4413
- https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87783
- https://github.com/advisories/GHSA-rprj-g6xc-p5gq
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/wicked/CVE-2013-4413.yml
- https://web.archive.org/web/20210508170740/http://www.securityfocus.com/bid/62891
- http://seclists.org/oss-sec/2013/q4/43
Packages
Name: wicked (rubygems)
Affected versions: < 1.0.1
Fixed version: 1.0.1
Related vulnerabilities
nvd, almost 12 years ago
Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.