GHSA-rprj-g6xc-p5gq

Source

https://github.com/advisories/GHSA-rprj-g6xc-p5gq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-rprj-g6xc-p5gq/GHSA-rprj-g6xc-p5gq.json

Aliases

CVE-2013-4413

Published

2017-10-24T18:33:37Z

Modified

2024-02-16T08:22:44.184696Z

Details

The Wicked gem prior to v1.0.1 allows a remote attacker to traverse directories on the system via a vulnerability in controller/concerns/render_redirect.rb. An attacker can send a specially-crafted URL request containing %2E%2E%2F directory traversal sequences to read arbitrary files on the system.

References

https://nvd.nist.gov/vuln/detail/CVE-2013-4413
https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53
https://exchange.xforce.ibmcloud.com/vulnerabilities/87783
https://github.com/advisories/GHSA-rprj-g6xc-p5gq
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/wicked/CVE-2013-4413.yml
https://github.com/schneems/wicked
https://web.archive.org/web/20210508170740/http://www.securityfocus.com/bid/62891
http://seclists.org/oss-sec/2013/q4/43

Affected packages

RubyGems / wicked

Package

Name: wicked

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.0.1

Affected versions

0.*

0.0.1

0.0.2

0.1.0

0.1.1

0.1.2

0.1.3

0.1.4

0.1.5

0.1.6.pre

0.1.6

0.2.0

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.4.0

0.5.0

0.6.0

0.6.1

1.*

1.0.0