CVE-2020-8161

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-8161

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8161.json

Aliases

GHSA-5f9h-9pjv-v6j7

Related

DLA-2216-1
DLA-2275-1
DLA-3298-1
USN-4561-1
USN-4561-2

Published

2020-07-02T19:15:12Z

Modified

2023-11-29T08:36:24.986738Z

Details

A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.

References

https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA
https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html
https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html
https://hackerone.com/reports/434404
https://usn.ubuntu.com/4561-1/

Affected packages

Git / github.com/rack/rack

Affected ranges

Type: GIT
Repo: https://github.com/rack/rack
Events: Introduced

0The exact introduced commit is unknown

Fixed

39d501a28c1fe51284addfe6dacffafb69d49849

Affected versions

0.*

0.1

0.2

0.3

1.*

1.0

1.1

1.2

1.2.1

1.3.0

1.3.0.beta

1.3.0.beta2

1.4.0

1.4.1

1.5.0

1.5.1

1.5.2

1.6.0

1.6.0.beta

1.6.0.beta2

2.*

2.0.0

2.0.0.alpha

2.0.0.rc1

2.0.1

2.1.0