CVE-2013-4413: Non properly sanitized input allows attackers to gain access to arbitrary files.

March 11, 2014 (updated August 28, 2017)

A vulnerability has been reported allowing an attacker to read arbitrary files on a system. Specially crafted url strings can be used to access unintended files via an escaped slash character %2e

References

seclists.org/oss-sec/2013/q4/43
github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53

Detect and mitigate CVE-2013-4413 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →