Directory Traversal Vulnerability in Rack Product by Rack
CVE-2013-0262

Currently unrated

Key Information:

Vendor: Rack Project
Status: Rack
Vendor: CVE Published:; 8 February 2013

What is CVE-2013-0262?

The vulnerability in Rack's file handling mechanism allows attackers to manipulate the PATH_INFO environment variable, enabling access to files outside the designated root directory. This flaw primarily affects versions 1.5.x prior to 1.5.2 and 1.4.x prior to 1.4.5, posing risks of unauthorized file disclosure and potential exploitation in web applications that utilize these versions.

References

https://groups.google.com/forum/#%21msg/rack-devel/mZsuRo...

x_refsource_CONFIRM

https://gist.github.com/rentzsch/4736940

x_refsource_MISC

http://secunia.com/advisories/52033

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Feb 8, 2013
Vulnerability Reserved
Dec 6, 2012

Rack Project

What is CVE-2013-0262?

References

Timeline