Описание
Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.
Ссылки
- Patch
- Vendor Advisory
- ExploitPatch
- Patch
- Vendor Advisory
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.0 (включая)
Одновременно
Одно из
cpe:2.3:a:schneems:wicked:*:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.0.1:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.0.2:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.1.0:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.1.1:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.1.2:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.1.3:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.1.4:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.1.5:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.1.6:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.2.0:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.3.0:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.3.1:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.3.2:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.3.3:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.3.4:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.4.0:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.5.0:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.6.0:*:*:*:*:ruby:*:*
cpe:2.3:a:schneems:wicked:0.6.1:*:*:*:*:ruby:*:*
cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00964
Низкий
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
EPSS
Процентиль: 76%
0.00964
Низкий
5 Medium
CVSS2
Дефекты
CWE-22