2 matches found
rack: rubygem-rack: Local File Inclusion in Rack::Static
A flaw was found in RackRubygems, where Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. This flaw allows a...
The vulnerability in the ScrutisWeb banknote monitoring software arises from improper limitation of a pathname to a restricted directory. This allows a hacker to gain direct access to any file outside of the root directory.
The vulnerability in the ScrutisWeb banknote monitoring software exists due to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to gain direct access to any file outside of the root directory...