Sha256: 17edb96835b49fef61455bf43989b82a97be9ddaca6d3f1563bf81d1f012a98f

Contents?: true

Size: 969 Bytes

Versions: 1

Compression:

Stored size: 969 Bytes

Contents

---
gem: rack
cve: 2020-8161
url: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA
date: 2020-05-12
title: Directory traversal in Rack::Directory app bundled with Rack
description: |
  There was a possible directory traversal vulnerability in the Rack::Directory app
  that is bundled with Rack.

  Versions Affected:  rack < 2.2.0
  Not affected:       Applications that do not use Rack::Directory.
  Fixed Versions:     2.1.3, >= 2.2.0

  Impact
  ------

  If certain directories exist in a directory that is managed by
  `Rack::Directory`, an attacker could, using this vulnerability, read the
  contents of files on the server that were outside of the root specified in the
  Rack::Directory initializer.

  Workarounds
  -----------

  Until such time as the patch is applied or their Rack version is upgraded,
  we recommend that developers do not use Rack::Directory in their
  applications.

patched_versions:
  - "~> 2.1.3"
  - ">= 2.2.0"

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/rack/CVE-2020-8161.yml