[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2013-0262":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":42,"downstream":43,"duplicates":72,"related":73,"reserved_at":9,"published_at":85,"modified_at":86,"state":87,"summary":88,"references_raw":97,"kevs":145,"epss":146,"epss_history":149,"metrics":405,"affected":410},"CVE-2013-0262","rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[],[],[],[44,46,48,50,52,54,56,58,60,62,64,66,68,70],{"_key":45},"UBUNTU-CVE-2013-0262",{"_key":47},"OPENSUSE-SU-2025:14875-1",{"_key":49},"OPENSUSE-SU-2024:10115-1",{"_key":51},"OPENSUSE-SU-2024:12119-1",{"_key":53},"OPENSUSE-SU-2024:12397-1",{"_key":55},"OPENSUSE-SU-2024:12974-1",{"_key":57},"OPENSUSE-SU-2024:13167-1",{"_key":59},"OPENSUSE-SU-2024:13726-1",{"_key":61},"OPENSUSE-SU-2024:13727-1",{"_key":63},"OPENSUSE-SU-2025:14811-1",{"_key":65},"OPENSUSE-SU-2026:10358-1",{"_key":67},"OPENSUSE-SU-2026:10286-1",{"_key":69},"RHSA-2013:0638",{"_key":71},"DEBIAN-CVE-2013-0262",[],[74,75,76,77,78,79,80,81,82,83,84],{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},"2013-02-08T20:00:00.000Z","2024-08-06T14:18:09.610Z","Modified",{"cisa_kev":89,"cisa_ransomware":89,"cisa_vendor":9,"epss_severity":90,"epss_score":91,"severity":92,"severity_score":93,"severity_version":94,"severity_source":95,"severity_vector":96,"severity_status":87},false,"low",0.01263,"medium",4.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:P/I:N/A:N",[98,104,109,116,120,124,128,132,137,141],{"url":99,"sources":100,"tags":102},"https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ",[101,95],"cve.org",[103],"X Refsource CONFIRM",{"url":105,"sources":106,"tags":107},"https://gist.github.com/rentzsch/4736940",[101,95],[108],"X Refsource MISC",{"url":110,"sources":111,"tags":112},"http://secunia.com/advisories/52033",[101,95],[113,114,115],"Third Party Advisory","X Refsource SECUNIA","Vendor Advisory",{"url":117,"sources":118,"tags":119},"http://rack.github.com/",[101,95],[103],{"url":121,"sources":122,"tags":123},"https://bugzilla.redhat.com/show_bug.cgi?id=909071",[101,95],[108],{"url":125,"sources":126,"tags":127},"https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ",[101,95],[103],{"url":129,"sources":130,"tags":131},"https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30",[101,95],[103],{"url":133,"sources":134,"tags":135},"http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html",[101,95],[115,136],"X Refsource SUSE",{"url":138,"sources":139,"tags":140},"https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56",[101,95],[108],{"url":142,"sources":143,"tags":144},"https://bugzilla.redhat.com/show_bug.cgi?id=909072",[101,95],[103],[],{"date":147,"score":91,"percentile":148},"2026-06-04",0.79775,[150,154,157,160,163,166,169,172,175,178,181,184,187,190,192,195,198,201,204,207,209,212,215,218,221,223,225,227,230,233,235,238,240,243,245,247,250,253,256,259,262,265,268,270,273,276,279,282,285,287,290,293,296,299,302,305,308,310,313,316,318,321,324,327,330,333,336,339,342,345,348,351,353,356,359,362,365,367,370,373,375,378,381,384,387,390,393,396,399,402],{"date":151,"score":152,"percentile":153},"2025-11-04",0.00826,0.73729,{"date":155,"score":152,"percentile":156},"2025-11-05",0.73713,{"date":158,"score":152,"percentile":159},"2025-11-06",0.7371,{"date":161,"score":152,"percentile":162},"2025-11-07",0.73728,{"date":164,"score":152,"percentile":165},"2025-11-08",0.73727,{"date":167,"score":152,"percentile":168},"2025-11-09",0.73722,{"date":170,"score":152,"percentile":171},"2025-11-10",0.73709,{"date":173,"score":152,"percentile":174},"2025-11-11",0.73714,{"date":176,"score":152,"percentile":177},"2025-11-12",0.73733,{"date":179,"score":152,"percentile":180},"2025-11-13",0.7374,{"date":182,"score":152,"percentile":183},"2025-11-14",0.73747,{"date":185,"score":152,"percentile":186},"2025-11-15",0.73745,{"date":188,"score":152,"percentile":189},"2025-11-16",0.73741,{"date":191,"score":152,"percentile":177},"2025-11-17",{"date":193,"score":152,"percentile":194},"2025-11-18",0.72394,{"date":196,"score":152,"percentile":197},"2025-11-19",0.72402,{"date":199,"score":152,"percentile":200},"2025-11-20",0.72411,{"date":202,"score":152,"percentile":203},"2025-11-21",0.73751,{"date":205,"score":152,"percentile":206},"2025-11-22",0.73742,{"date":208,"score":152,"percentile":165},"2025-11-23",{"date":210,"score":152,"percentile":211},"2025-11-24",0.73723,{"date":213,"score":152,"percentile":214},"2025-11-25",0.73725,{"date":216,"score":152,"percentile":217},"2025-11-26",0.73731,{"date":219,"score":152,"percentile":220},"2025-11-27",0.73734,{"date":222,"score":152,"percentile":214},"2025-11-28",{"date":224,"score":152,"percentile":174},"2025-11-29",{"date":226,"score":152,"percentile":171},"2025-11-30",{"date":228,"score":152,"percentile":229},"2025-12-01",0.73842,{"date":231,"score":152,"percentile":232},"2025-12-02",0.73847,{"date":234,"score":152,"percentile":232},"2025-12-03",{"date":236,"score":152,"percentile":237},"2025-12-04",0.73716,{"date":239,"score":152,"percentile":214},"2025-12-05",{"date":241,"score":152,"percentile":242},"2025-12-06",0.73724,{"date":244,"score":152,"percentile":214},"2025-12-07",{"date":246,"score":152,"percentile":153},"2025-12-08",{"date":248,"score":152,"percentile":249},"2025-12-09",0.7376,{"date":251,"score":152,"percentile":252},"2025-12-10",0.73792,{"date":254,"score":152,"percentile":255},"2025-12-11",0.73809,{"date":257,"score":152,"percentile":258},"2025-12-12",0.73831,{"date":260,"score":152,"percentile":261},"2025-12-13",0.73835,{"date":263,"score":152,"percentile":264},"2025-12-14",0.73833,{"date":266,"score":152,"percentile":267},"2025-12-15",0.73837,{"date":269,"score":152,"percentile":232},"2025-12-16",{"date":271,"score":152,"percentile":272},"2025-12-17",0.73858,{"date":274,"score":152,"percentile":275},"2025-12-18",0.73881,{"date":277,"score":152,"percentile":278},"2025-12-19",0.73898,{"date":280,"score":152,"percentile":281},"2025-12-20",0.73896,{"date":283,"score":152,"percentile":284},"2025-12-21",0.73889,{"date":286,"score":152,"percentile":284},"2025-12-22",{"date":288,"score":152,"percentile":289},"2025-12-23",0.73879,{"date":291,"score":152,"percentile":292},"2025-12-24",0.7389,{"date":294,"score":152,"percentile":295},"2025-12-25",0.73918,{"date":297,"score":152,"percentile":298},"2025-12-26",0.73914,{"date":300,"score":152,"percentile":301},"2025-12-27",0.73942,{"date":303,"score":152,"percentile":304},"2025-12-28",0.73891,{"date":306,"score":152,"percentile":307},"2025-12-29",0.73884,{"date":309,"score":152,"percentile":278},"2025-12-30",{"date":311,"score":152,"percentile":312},"2025-12-31",0.73928,{"date":314,"score":152,"percentile":315},"2026-01-01",0.74076,{"date":317,"score":152,"percentile":315},"2026-01-02",{"date":319,"score":152,"percentile":320},"2026-01-03",0.74078,{"date":322,"score":152,"percentile":323},"2026-01-04",0.73943,{"date":325,"score":152,"percentile":326},"2026-01-05",0.73935,{"date":328,"score":152,"percentile":329},"2026-01-06",0.73951,{"date":331,"score":152,"percentile":332},"2026-01-07",0.73959,{"date":334,"score":152,"percentile":335},"2026-01-08",0.73972,{"date":337,"score":152,"percentile":338},"2026-01-09",0.73979,{"date":340,"score":152,"percentile":341},"2026-01-10",0.73975,{"date":343,"score":152,"percentile":344},"2026-01-11",0.73962,{"date":346,"score":152,"percentile":347},"2026-01-12",0.73952,{"date":349,"score":152,"percentile":350},"2026-01-13",0.7395,{"date":352,"score":152,"percentile":341},"2026-01-14",{"date":354,"score":152,"percentile":355},"2026-01-15",0.73985,{"date":357,"score":152,"percentile":358},"2026-01-16",0.74001,{"date":360,"score":152,"percentile":361},"2026-01-17",0.73998,{"date":363,"score":152,"percentile":364},"2026-01-18",0.73974,{"date":366,"score":152,"percentile":344},"2026-01-19",{"date":368,"score":152,"percentile":369},"2026-01-20",0.73967,{"date":371,"score":152,"percentile":372},"2026-01-21",0.7397,{"date":374,"score":152,"percentile":341},"2026-01-22",{"date":376,"score":152,"percentile":377},"2026-01-23",0.74006,{"date":379,"score":152,"percentile":380},"2026-01-24",0.74014,{"date":382,"score":152,"percentile":383},"2026-01-25",0.73997,{"date":385,"score":152,"percentile":386},"2026-01-26",0.73995,{"date":388,"score":152,"percentile":389},"2026-01-27",0.74,{"date":391,"score":152,"percentile":392},"2026-01-28",0.74012,{"date":394,"score":152,"percentile":395},"2026-01-29",0.74013,{"date":397,"score":152,"percentile":398},"2026-01-30",0.74016,{"date":400,"score":152,"percentile":401},"2026-01-31",0.74022,{"date":403,"score":152,"percentile":404},"2026-02-01",0.74147,[406],{"source":95,"cvss_v2_0":407,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":93,"baseSeverity":9,"vectorString":96,"impactScore":408,"exploitabilityScore":409},2.9,8.6,[411],{"ecosystem":9,"name":412,"vendor":413,"product":412,"cpe_part":414,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":415},"rack","rack_project","a",[416,419,421,423,425,427,429],{"version":417,"is_range":89,"range_type":418,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.4.0","cpe",{"version":420,"is_range":89,"range_type":418,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.4.1",{"version":422,"is_range":89,"range_type":418,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.4.2",{"version":424,"is_range":89,"range_type":418,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.4.3",{"version":426,"is_range":89,"range_type":418,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.4.4",{"version":428,"is_range":89,"range_type":418,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.5.0",{"version":430,"is_range":89,"range_type":418,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.5.1"]