EUVD-2017-0305

Malware in sbrugna...

GHSA-RPRJ-G6XC-P5GQ Wicked gem contains Path traversal vulnerability

The Wicked gem prior to v1.0.1 allows a remote attacker to traverse directories on the system via a vulnerability in controller/concerns/renderredirect.rb. An attacker can send a specially-crafted URL request containing %2E%2E%2F directory traversal sequences to read arbitrary files on the system...

Wicked gem contains Path traversal vulnerability

The Wicked gem prior to v1.0.1 allows a remote attacker to traverse directories on the system via a vulnerability in controller/concerns/renderredirect.rb. An attacker can send a specially-crafted URL request containing %2E%2E%2F directory traversal sequences to read arbitrary files on the system...

CVE-2013-4413

Directory traversal vulnerability in controller/concerns/renderredirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F encoded dot dot slash in the step...

CVE-2013-4413

Directory traversal vulnerability in controller/concerns/renderredirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F encoded dot dot slash in the step...

CVE-2013-4413

The Wicked gem for Ruby is affected by a directory traversal in controller/concerns/render_redirect.rb before version 1.0.1, where an attacker can read arbitrary files by sending a URL with encoded "../" sequences (via the_step parameter). Impact is reading arbitrary files; no exploitation detail...

Wicked Gem for Ruby contains a flaw

Wicked Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed via the 'thestep' parameter upon submission to the renderredirect.rb script. This may allow a remote attacker to gain access to arbitrary files...