DEBIAN-CVE-2013-0262
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 08 Feb 2013, 20:55
Last modified:28 Apr 2026, 20:12
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
08 Feb 2013, 20:55
Published
Vulnerability first disclosed
28 Apr 2026, 20:12
Last Modified
Vulnerability information updated
Description
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
Affected Systems
- debian•ruby-rack
< 1.4.1-2.1 | < 1.4.1-2.1 | < 1.4.1-2.1 | < 1.4.1-2.1