CVE-2020-8161
02.07.2020, 19:15
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.
| Vendor | Product | Version |
|---|---|---|
| rack_project | rack | 𝑥 < 2.2.0 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 18.04 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
- CWE-548 - Exposure of Information Through Directory ListingA directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
References