CVE-2013-4413Path Traversal in Wicked

CWE-22Path Traversal3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.8%
top 25.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Opensuse WickedSchneems Wicked
Timeline
PublishedMar 11
Latest updateOct 24

Description

Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

RubyGemsopensuse/wicked< 1.0.1
NVDschneems/wicked1.0.0+19

Patches

Patch: seclists.orgPatch: github.comPatch: seclists.org

🔴Vulnerability Details

2
GHSA
Wicked gem contains Path traversal vulnerability2017-10-24
OSV
Wicked gem contains Path traversal vulnerability2017-10-24