rack/file.rb (Rack::File) in Rack 1.5.x prior to 1.5.2 and 1.4.x prior to 1.4.5 allows malicious users to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
Vulnerable Product |
---|
rack project rack 1.4.4 |
rack project rack 1.4.2 |
rack project rack 1.4.3 |
rack project rack 1.4.0 |
rack project rack 1.5.1 |
rack project rack 1.4.1 |
rack project rack 1.5.0 |