Directory Traversal Vulnerability in Rack Library by Ruby
CVE-2020-8161

8.6HIGH

Key Information:

Vendor: Rack Project
Status: Https://github.com/rack/rack
Vendor: CVE Published:; 2 July 2020

What is CVE-2020-8161?

A directory traversal vulnerability exists in the Rack library, specifically in versions prior to 2.2.0. This issue allows attackers to manipulate requests to access files and directories that should be restricted, potentially leading to unauthorized information disclosure. The flaw is particularly significant in the Rack::Directory application, where it can be exploited to gain sensitive data from the server filesystem. Users are advised to upgrade to secure versions to mitigate this risk.

Affected Version(s)

https://github.com/rack/rack Fixed in 2.1.3, >= 2.2.0

References

https://hackerone.com/reports/434404

https://groups.google.com/g/rubyonrails-security/c/IOO1vN...

https://lists.debian.org/debian-lts-announce/2020/07/msg0...

mailing-list

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 2, 2020
Vulnerability Reserved
Jan 28, 2020

Rack Project

What is CVE-2020-8161?

Affected Version(s)

References

CVSS V3.1

Timeline