CVE-2018-7212

Опубликовано: 18 фев. 2018

Источник: redhat

CVSS3: 5.3

Описание

An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.

A flaw was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra version 2.x before 2.0.1 on Windows. This flaw allows for path traversal on the system that contains backslash characters in the path. This flaw only affects Sinatra on Windows, Linux platforms are not affected.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	pcs	Not affected
Red Hat Enterprise Linux 7	pcs	Not affected
Red Hat OpenStack Platform 10 (Newton) Operational Tools	rubygem-sinatra	Not affected
Red Hat Satellite 6	rubygem-sinatra	Not affected
Red Hat Satellite 6	tfm-ror51-rubygem-sinatra	Not affected
Red Hat Software Collections	rh-ror50-rubygem-sinatra	Not affected
Red Hat Storage 3	rubygem-sinatra	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-22

https://bugzilla.redhat.com/show_bug.cgi?id=1802282rubygem-sinatra: path traversal via backslash characters

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2018-7212

CVSS3: 5.3

nvd

почти 8 лет назад

An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.

GHSA-h29f-7f56-j8wh

CVSS3: 5.3

github

почти 8 лет назад

Sinatra Path Traversal vulnerability

5.3 Medium

CVSS3