Candidate: CVE-2013-0262
PublicDate: 2013-02-08 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0262
 http://www.openwall.com/lists/oss-security/2013/02/07
Description:
 rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
Ubuntu-Description:
Notes:
 jdstrand> per upstream, only 1.4 and higher
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_ruby-rack:
 upstream: https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30
upstream_ruby-rack: released (1.4.5, 1.5.2)
hardy_ruby-rack: DNE
lucid_ruby-rack: DNE
oneiric_ruby-rack: DNE
precise_ruby-rack: not-affected (1.3.5-1)
quantal_ruby-rack: ignored (reached end-of-life)
raring_ruby-rack: ignored (reached end-of-life)
saucy_ruby-rack: released (1.5.2-1)
trusty_ruby-rack: released (1.5.2-1)
trusty/esm_ruby-rack: released (1.5.2-1)
devel_ruby-rack: released (1.5.2-1)
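Added illustration of the bug class named in the description ("symlink path traversals"). This is example code written for this entry; it is not Rack's file.rb, not the upstream patch linked above, and not a reproduction of the specific Rack defect. It shows why a containment check that normalises ".." lexically (File.expand_path plus a string-prefix test) is not enough once a symlinked directory sits inside the served root: the string that passes the check is not the file the kernel opens. Resolving both the root and the requested path with File.realpath before comparing closes that gap. The directory layout, file contents, and the helper names lexically_contained?, realpath_contained? and demo are constructed for the example.

```ruby
require 'tmpdir'
require 'fileutils'

# Weak check: collapse ".." as a string and compare prefixes.
# File.expand_path never consults the filesystem, so a symlink inside root
# is invisible to it, and "link/.." collapses to root even though the kernel
# will follow "link" first and then step out of wherever it points.
def lexically_contained?(root, request_path)
  root = File.expand_path(root)
  full = File.expand_path(request_path.sub(%r{\A/+}, ''), root)
  full == root || full.start_with?(root + '/')
end

# Strong check: resolve both sides physically with File.realpath and compare
# the results. Missing files and anything that escapes root are refused.
def realpath_contained?(root, request_path)
  real_root = File.realpath(root)
  real = File.realpath(File.join(root, request_path))
  real == real_root || real.start_with?(real_root + '/')
rescue SystemCallError
  false
end

# Builds a constructed tree (example layout, not from any real deployment):
#   <tmp>/secret.txt                 outside the served root
#   <tmp>/root/index.html            inside the served root
#   <tmp>/root/link -> <tmp>/outside a symlinked directory inside root
# and returns [lexical_verdict, realpath_verdict, bytes_a_naive_server_reads].
def demo(request_path)
  Dir.mktmpdir do |tmp|
    root = File.join(tmp, 'root')
    FileUtils.mkdir_p(root)
    FileUtils.mkdir_p(File.join(tmp, 'outside'))
    File.write(File.join(tmp, 'secret.txt'), 'outside-root')
    File.write(File.join(root, 'index.html'), 'inside-root')
    File.symlink(File.join(tmp, 'outside'), File.join(root, 'link'))

    lexical  = lexically_contained?(root, request_path)
    physical = realpath_contained?(root, request_path)
    # What a server that trusted only the lexical check would hand out:
    # it opens root + request_path as given, and the kernel resolves the symlink.
    served = lexical ? (File.read(File.join(root, request_path)) rescue nil) : nil
    [lexical, physical, served]
  end
end

if __FILE__ == $0
  %w[index.html ../secret.txt link/../secret.txt].each do |req|
    lexical, physical, served = demo(req)
    puts format('%-22s lexical=%-5s realpath=%-5s served=%p', req, lexical, physical, served)
  end
end
```

The third request is the interesting one: "link/../secret.txt" passes the lexical check (it collapses to root/secret.txt), yet the kernel follows link into <tmp>/outside, steps up to <tmp>, and returns the secret. The realpath check refuses it because the resolved target does not sit under the resolved root. Note that File.realpath raises if the target does not exist, so the check also doubles as the 404 path; do the existence test and the containment test on the same resolved string, and never reuse the raw request string for the open.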