oss-sec mailing list archives

CVE-2013-0262: Rack versions 1.4.0-1.5.1, Symlink path traversal.


From: James Tucker <raggi () google com>
Date: Thu, 7 Feb 2013 19:32:52 -0800

CVE: CVE-2013-0262
Software: Rack (rack.github.com)
Type of vulnerability: Information Disclosure
Vulnerable code: https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56
Patch: https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30
Versions affected: All versions after 1.4.0
Versions fixed: 1.4.5, 1.5.2
Reporter: Ben Murphy

