GHSA-m7r6-43v2-49vf
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m7r6-43v2-49vf
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m7r6-43v2-49vf/GHSA-m7r6-43v2-49vf.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m7r6-43v2-49vf
- Aliases
-
- CVE-2007-6612
- Published
- 2022-05-01T18:44:39Z
- Modified
- 2024-12-02T05:47:30.755244Z
- Summary
- Mongrel vulnerable to directory traversal via double-encoded sequences
- Details
-
Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 (1.0.3 and prior are not affected) and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (
.%252e). - Database specific
{ "nvd_published_at": "2008-01-03T22:46:00Z", "cwe_ids": [ "CWE-22" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-09-21T23:19:53Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2007-6612
- https://github.com/mongrel/mongrel
- https://lists.apple.com/archives/security-announce/2008//May/msg00001.html
- https://web.archive.org/web/20080111034049/http://rubyforge.org/pipermail/mongrel-users/2007-December/004743.html
- https://web.archive.org/web/20200301091534/http://www.securityfocus.com/bid/27133