Lucene search
RedhatCVE-2013-4413HistoryMar 11, 2014 - 7:37 p.m.
CVE-2013-4413
2014-03-1119:37:02
CWE-22
redhat
web.nvd.nist.gov
51
cve
2013
4413
directory traversal
vulnerability
wicked gem
ruby
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.011
Percentile
84.4%
Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.
Affected configurations
Node
schneemswickedRange≤1.0.0ruby
ORschneemswickedMatch0.0.1ruby
ORschneemswickedMatch0.0.2ruby
ORschneemswickedMatch0.1.0ruby
ORschneemswickedMatch0.1.1ruby
ORschneemswickedMatch0.1.2ruby
ORschneemswickedMatch0.1.3ruby
ORschneemswickedMatch0.1.4ruby
ORschneemswickedMatch0.1.5ruby
ORschneemswickedMatch0.1.6ruby
ORschneemswickedMatch0.2.0ruby
ORschneemswickedMatch0.3.0ruby
ORschneemswickedMatch0.3.1ruby
ORschneemswickedMatch0.3.2ruby
ORschneemswickedMatch0.3.3ruby
ORschneemswickedMatch0.3.4ruby
ORschneemswickedMatch0.4.0ruby
ORschneemswickedMatch0.5.0ruby
ORschneemswickedMatch0.6.0ruby
ORschneemswickedMatch0.6.1ruby
ruby-langruby
| Vendor | Product | Version | CPE |
|---|---|---|---|
| schneems | wicked | * | cpe:2.3:a:schneems:wicked:*:*:*:*:*:ruby:*:* |
| schneems | wicked | 0.0.1 | cpe:2.3:a:schneems:wicked:0.0.1:*:*:*:*:ruby:*:* |
| schneems | wicked | 0.0.2 | cpe:2.3:a:schneems:wicked:0.0.2:*:*:*:*:ruby:*:* |
| schneems | wicked | 0.1.0 | cpe:2.3:a:schneems:wicked:0.1.0:*:*:*:*:ruby:*:* |
| schneems | wicked | 0.1.1 | cpe:2.3:a:schneems:wicked:0.1.1:*:*:*:*:ruby:*:* |
| schneems | wicked | 0.1.2 | cpe:2.3:a:schneems:wicked:0.1.2:*:*:*:*:ruby:*:* |
| schneems | wicked | 0.1.3 | cpe:2.3:a:schneems:wicked:0.1.3:*:*:*:*:ruby:*:* |
| schneems | wicked | 0.1.4 | cpe:2.3:a:schneems:wicked:0.1.4:*:*:*:*:ruby:*:* |
| schneems | wicked | 0.1.5 | cpe:2.3:a:schneems:wicked:0.1.5:*:*:*:*:ruby:*:* |
| schneems | wicked | 0.1.6 | cpe:2.3:a:schneems:wicked:0.1.6:*:*:*:*:ruby:*:* |
Related
prion
prion
Directory traversal
2014-03-11 19:37:00
rubygems
rubygems
Wicked Gem for Ruby contains a flaw
2013-10-07 20:00:00
osv
osv
Wicked gem contains Path traversal vulnerability
2017-10-24 18:33:37
cvelist
cvelist
CVE-2013-4413
2014-03-11 15:00:00
nvd
nvd
CVE-2013-4413
2014-03-11 19:37:02
github
github
Wicked gem contains Path traversal vulnerability
2017-10-24 18:33:37
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.011
Percentile
84.4%
Related for CVE-2013-4413