CVE-2013-0262
Published: Feb 8, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ | x_refsource_CONFIRM |
| https://gist.github.com/rentzsch/4736940 | x_refsource_MISC |
| 52033 | third-party-advisory, x_refsource_SECUNIA |
| http://rack.github.com/ | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=909071 | x_refsource_MISC |
| https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ | x_refsource_CONFIRM |
| https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30 | x_refsource_CONFIRM |
| openSUSE-SU-2013:0462 | vendor-advisory, x_refsource_SUSE |
| https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=909072 | x_refsource_CONFIRM |