CVE-2020-8161: Exposure of Information Through Directory Listing in Project Rack

Severity: 8.6 HIGH (NVD)
EPSS: 0.9% (top 24.20%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 2; latest update Apr 6

Description

A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker to perform directory traversal in the Rack::Directory app that is bundled with Rack, which could result in information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 4.0

Affected Packages (3 packages)

RubyGems: rack/rack < 2.1.3
NVD: rack_project/rack < 2.2.0
CVEListV5: https/github.com_rack_rack, fixed in 2.1.3, >= 2.2.0

Also affects: Debian Linux 10.0, 9.0, Ubuntu Linux 18.04

Patches

🔴 Vulnerability Details (6)

OSV: ruby-rack vulnerabilities (2021-04-06)
OSV: ruby-rack vulnerabilities (2020-09-30)
GHSA: Directory traversal in Rack::Directory app bundled with Rack (2020-07-06)
OSV: Directory traversal in Rack::Directory app bundled with Rack (2020-07-06)
OSV: CVE-2020-8161: A directory traversal vulnerability exists in rack < 2 (2020-07-02)

📋 Vendor Advisories (4)

Ubuntu: Rack vulnerabilities (2021-04-06)
Ubuntu: Rack vulnerabilities (2020-09-30)
Red Hat: rubygem-rack: directory traversal in Rack::Directory (2020-05-12)
Debian: CVE-2020-8161: ruby-rack - A directory traversal vulnerability exists in rack < 2.2.0 that allows an attack... (2020)

💬 Community (3)

Bugzilla: CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory [fedora-all] (2020-05-20)
Bugzilla: CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory (2020-05-20)
Bugzilla: CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory [epel-all] (2020-05-20)