GHSA-5f9h-9pjv-v6j7

Source
https://github.com/advisories/GHSA-5f9h-9pjv-v6j7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/07/GHSA-5f9h-9pjv-v6j7/GHSA-5f9h-9pjv-v6j7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5f9h-9pjv-v6j7
Aliases
Published
2020-07-06T21:31:02Z
Modified
2024-02-18T05:43:06.611560Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
Directory traversal in Rack::Directory app bundled with Rack
Details

A directory traversal vulnerability exists in rack < 2.2.0, in the Rack::Directory app that is bundled with Rack. It allows an attacker to perform directory traversal, which could result in information disclosure.

Database specific
{
    "nvd_published_at": "2020-07-02T19:15:00Z",
    "cwe_ids": [
        "CWE-22",
        "CWE-548"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2020-07-06T21:30:32Z"
}
References

Affected packages

RubyGems / rack

Package

Name
rack
Purl
pkg:gem/rack

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.1.3

Affected versions

0.*

0.1.0
0.2.0
0.3.0
0.4.0
0.9.0
0.9.1

1.*

1.0.0
1.0.1
1.1.0
1.1.1.pre
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.3.0.beta
1.3.0.beta2
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.3.10
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.5.0.beta.1
1.5.0.beta.2
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.6.0.beta
1.6.0.beta2
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.6.10
1.6.11
1.6.12
1.6.13

2.*

2.0.0.alpha
2.0.0.rc1
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.9.1
2.0.9.2
2.0.9.3
2.1.0
2.1.1
2.1.2