Описание
An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.
Ссылки
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:sinatrarb:sinatra:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:sinatrarb:sinatra:2.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:sinatrarb:sinatra:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:sinatrarb:sinatra:2.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:sinatrarb:sinatra:2.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:sinatrarb:sinatra:2.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:sinatrarb:sinatra:2.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:sinatrarb:sinatra:2.0.0:rc6:*:*:*:*:*:*
cpe:2.3:a:sinatrarb:sinatra:2.0.1:rc1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00278
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 5.3
redhat
почти 8 лет назад
An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.
EPSS
Процентиль: 51%
0.00278
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22