CVE-2014-5269

Published: Sep 4, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20140816 Re: CVE Request: Plack::App::File does not prune trailing slashes: possible code exposure / information disclosure

mailing-list

x_refsource_MLIST

FEDORA-2014-9544

vendor-advisory

x_refsource_FEDORA

https://github.com/avar/Plack/commit/bc1731dbb53850c380875ad683cd87c8ec99eee3

x_refsource_CONFIRM

109928

vdb-entry

x_refsource_OSVDB

https://github.com/plack/Plack/issues/405

x_refsource_CONFIRM

http://api.metacpan.org/source/MIYAGAWA/Plack-1.0031/Changes

x_refsource_CONFIRM

FEDORA-2014-9542

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-5269

Description

Affected Products

References