CVE-2013-0262
08.02.2013, 20:55
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
Vendor | Product | Version |
---|---|---|
rack_project | rack | 1.4.0 |
rack_project | rack | 1.4.1 |
rack_project | rack | 1.4.2 |
rack_project | rack | 1.4.3 |
rack_project | rack | 1.4.4 |
rack_project | rack | 1.5.0 |
rack_project | rack | 1.5.1 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
References