cbcvebase.
CVE-2020-8161
published 2020-07-02

CVE-2020-8161: A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is…

PriorityP347high8.6CVSS 3.1
AVNACLPRNUINSCCHINAN
EPSS
3.59%
88.0th percentile
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.

Affected

7 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
debiandebian_linux
debiandebian_linux
debianruby-rack< ruby-rack 2.1.1-5 (bookworm)ruby-rack 2.1.1-5 (bookworm)
httpsgithub.com_rack_rack
rackrack>= 0 < 2.1.32.1.3
rack_projectrack< 2.2.02.2.0

CVSS provenance

nvdv3.18.6HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv8.6HIGH
vendor_debian8.6HIGH
vendor_redhat8.6HIGH
vendor_ubuntu8.6HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.