CVE-2013-0262: Symlink path traversal in Rack::File

February 8, 2013 (updated August 13, 2018)

Affected versions allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka “symlink path traversals.”

References

rack.github.com/

Code Behaviors & Features

Detect and mitigate CVE-2013-0262 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →