Home

CVE-2013-0262

Description

rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."

Risk Information

Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
0.826

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2013-0263,CVE-2013-0262 are fixed in Ruby-rack 1.5.2Windows
Vulnerabilities CVE-2013-0263,CVE-2013-0262 are fixed in Ruby-rack 1.4.5Windows
Vulnerabilities CVE-2013-0263,CVE-2013-0262 are fixed in Ruby-rack for Linux 1.5.2Linux
Vulnerabilities CVE-2013-0263,CVE-2013-0262 are fixed in Ruby-rack for Linux 1.4.5Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234