oss-sec mailing list archives
CVE-2013-0262: Rack versions 1.4.0-1.5.1, Symlink path traversal.
From: James Tucker <raggi () google com>
Date: Thu, 7 Feb 2013 19:32:52 -0800
CVE: CVE-2013-0262
Software: Rack (rack.github.com)
Type of vulnerability: Information Disclosure
Vulnerable code: https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56
Patch: https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30
Versions affected: All versions after 1.4.0
Versions fixed: 1.4.5, 1.5.2
Reporter: Ben Murphy