Path Traversal in Rack_project Rack

CVE-2013-0262

rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnera…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.030 (85.5th percentile)
