11 matches found
EUVD-2022-4514
Malicious code in bioql PyPI...
Directory Traversal
Overview mongrel is an A small fast HTTP library and server that runs Rails, Camping, Nitro and Iowa apps. Affected versions of this package are vulnerable to Directory Traversal via the DirHandler function in lib/mongrel/handlers.rb. An attacker can read arbitrary files by sending an HTTP reques...
Mongrel vulnerable to directory traversal via double-encoded sequences
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 1.0.3 and prior are not affected and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences .%252e...
GHSA-M7R6-43V2-49VF Mongrel vulnerable to directory traversal via double-encoded sequences
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 1.0.3 and prior are not affected and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences .%252e...
Mongrel vulnerable to directory traversal via double-encoded sequences
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 1.0.3 and prior are not affected and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences .%252e...
CVE-2007-6612
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences ".%252e"...
CVE-2007-6612
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences ".%252e"...
Directory traversal
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences ".%252e"...
CVE-2007-6612
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences ".%252e"...
CVE-2007-6612
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences ".%252e"...
CVE-2007-6612
Vulnerability: Mongrel contains a directory traversal flaw in DirHandler (lib/mongrel/handlers.rb) affecting Mongrel 1.0.4 and 1.1.x prior to 1.1.3. An HTTP request with double-encoded sequences (.%252e) can cause reading of arbitrary files. MITRE/Exploit specifics are not provided in the sources...