CVE-2013-4413

Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
schneemswicked
𝑥
≤ 1.0.0
schneemswicked
0.0.1
schneemswicked
0.0.2
schneemswicked
0.1.0
schneemswicked
0.1.1
schneemswicked
0.1.2
schneemswicked
0.1.3
schneemswicked
0.1.4
schneemswicked
0.1.5
schneemswicked
0.1.6
schneemswicked
0.2.0
schneemswicked
0.3.0
schneemswicked
0.3.1
schneemswicked
0.3.2
schneemswicked
0.3.3
schneemswicked
0.3.4
schneemswicked
0.4.0
schneemswicked
0.5.0
schneemswicked
0.6.0
schneemswicked
0.6.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/oss-sec/2013/q4/43
http://secunia.com/advisories/55151
http://www.securityfocus.com/bid/62891
https://exchange.xforce.ibmcloud.com/vulnerabilities/87783
https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53
http://seclists.org/oss-sec/2013/q4/43
http://secunia.com/advisories/55151
http://www.securityfocus.com/bid/62891
https://exchange.xforce.ibmcloud.com/vulnerabilities/87783
https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53