PublicDateAtUSN: 2020-07-02 19:15:00 UTC
Candidate: CVE-2020-8161
PublicDate: 2020-07-02 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8161
 https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ
 https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e
 https://ubuntu.com/security/notices/USN-4561-1
 https://ubuntu.com/security/notices/USN-4561-2
Description:
 A directory traversal vulnerability exists in rack < 2.2.0 that allows an
 attacker to perform directory traversal in the Rack::Directory app that is
 bundled with Rack, which could result in information disclosure.
Ubuntu-Description:
 It was discovered that Rack incorrectly handled certain paths. An attacker
 could possibly use this issue to obtain sensitive information.
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N [8.6 HIGH]

Patches_ruby-rack:
upstream_ruby-rack: needs-triage
precise/esm_ruby-rack: DNE
trusty_ruby-rack: ignored (out of standard support)
trusty/esm_ruby-rack: needs-triage
xenial_ruby-rack: released (1.6.4-3ubuntu0.2)
bionic_ruby-rack: released (1.6.4-4ubuntu0.2)
eoan_ruby-rack: ignored (reached end-of-life)
focal_ruby-rack: released (2.0.7-2ubuntu0.1)
groovy_ruby-rack: not-affected (2.1.1-5)
hirsute_ruby-rack: not-affected (2.1.1-5)
impish_ruby-rack: not-affected (2.1.1-5)
jammy_ruby-rack: not-affected (2.1.1-5)
devel_ruby-rack: not-affected (2.1.1-5)