Lucene search
GoogleOSV:GHSA-RPRJ-G6XC-P5GQHistoryOct 24, 2017 - 6:33 p.m.
Wicked gem contains Path traversal vulnerability
2017-10-2418:33:37
Google
osv.dev
8
EPSS
0.011
Percentile
84.4%
The Wicked gem prior to v1.0.1 allows a remote attacker to traverse directories on the system via a vulnerability in controller/concerns/render_redirect.rb. An attacker can send a specially-crafted URL request containing %2E%2E%2F directory traversal sequences to read arbitrary files on the system.
References
seclists.org/oss-sec/2013/q4/43
exchange.xforce.ibmcloud.com/vulnerabilities/87783
github.com/advisories/GHSA-rprj-g6xc-p5gq
github.com/rubysec/ruby-advisory-db/blob/master/gems/wicked/CVE-2013-4413.yml
github.com/schneems/wicked
github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53
nvd.nist.gov/vuln/detail/CVE-2013-4413
web.archive.org/web/20210508170740/www.securityfocus.com/bid/62891
Related
prion
prion
Directory traversal
2014-03-11 19:37:00
cve
cve
CVE-2013-4413
2014-03-11 19:37:02
rubygems
rubygems
Wicked Gem for Ruby contains a flaw
2013-10-07 20:00:00
cvelist
cvelist
CVE-2013-4413
2014-03-11 15:00:00
nvd
nvd
CVE-2013-4413
2014-03-11 19:37:02
github
github
Wicked gem contains Path traversal vulnerability
2017-10-24 18:33:37