Wicked gem contains Path traversal vulnerability · CVE-2013-4413 · GitHub Advisory Database · GitHub

Wicked gem contains Path traversal vulnerability

Moderate severity GitHub Reviewed Published Oct 24, 2017 to the GitHub Advisory Database • Updated Jul 4, 2023

Package

wicked (RubyGems)

Affected versions

< 1.0.1

Patched versions

1.0.1

Description

The Wicked gem prior to v1.0.1 allows a remote attacker to traverse directories on the system via a vulnerability in controller/concerns/render_redirect.rb. An attacker can send a specially-crafted URL request containing %2E%2E%2F directory traversal sequences to read arbitrary files on the system.

References

Published to the GitHub Advisory Database Oct 24, 2017

Reviewed Jun 16, 2020

Last updated Jul 4, 2023