Описание
The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore it is "not a problem.
Ссылки
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ruby-lang:webrick:1.4.2:*:*:*:*:ruby:*:*
EPSS
Процентиль: 10%
0.00036
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 5.5
github
больше 3 лет назад
** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore it is "not a problem."
EPSS
Процентиль: 10%
0.00036
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-22