Sha256: 9d669852b0dc227cd7b69205daadc7c6976965271bd4ca9735fd2193dbbfadc8

Contents?: true

Size: 461 Bytes

Versions: 5

Compression:

Stored size: 461 Bytes

Contents

---
gem: rack
cve: 2013-0262
osvdb: 89938
url: http://osvdb.org/show/osvdb/89938
title: |
  Rack Rack::File Function Symlink Traversal Arbitrary File Disclosure
date: 2013-02-07

description: |
  Rack contains a flaw as the Rack::File function creates temporary files
  insecurely. It is possible for a local attacker to use a symlink attack to
  traverse to an arbitrary file and disclose its contents

cvss_v2: 4.3
patched_versions:
- "~> 1.4.5"
- ">= 1.5.2"

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/rack/OSVDB-89938.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/rack/OSVDB-89938.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/rack/OSVDB-89938.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/rack/OSVDB-89938.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/rack/OSVDB-89938.yml