CVE-2013-0262

Published: 08 Feb 2013
Source: nvd
CVSS2: 4.3
EPSS: Low

Description

rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.5.1:*:*:*:*:*:*:*

EPSS

Percentile: 74%
0.00826
Low

4.3 Medium

CVSS2

Weaknesses

CWE-22

Related vulnerabilities

ubuntu
almost 13 years ago

rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."

redhat
almost 13 years ago

rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."

debian
almost 13 years ago

rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before ...

github
more than 8 years ago

Rack Vulnerable to Path Traversal
