Directory Traversal Vulnerability in Rack Library by Ruby
CVE-2020-8161

8.6HIGH

Key Information:

Vendor: Rack Project
Status: Https://github.com/rack/rack
Vendor: CVE Published:; 2 July 2020

🔔 Create Rack Project Vulnerability Alert

What is CVE-2020-8161?

A directory traversal vulnerability exists in the Rack library, specifically in versions prior to 2.2.0. This issue allows attackers to manipulate requests to access files and directories that should be restricted, potentially leading to unauthorized information disclosure. The flaw is particularly significant in the Rack::Directory application, where it can be exploited to gain sensitive data from the server filesystem. Users are advised to upgrade to secure versions to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

https://github.com/rack/rack Fixed in 2.1.3, >= 2.2.0

References

https://hackerone.com/reports/434404

https://groups.google.com/g/rubyonrails-security/c/IOO1vN...

https://lists.debian.org/debian-lts-announce/2020/07/msg0...

mailing-list

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 2, 2020
Vulnerability Reserved
Jan 28, 2020

JSON

Rack Project

What is CVE-2020-8161?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.